IBM Support

PH25309: PREVENTING USERS FROM MAKING A DELETION OF A CERTIFICATE IF THE ALIAS IS BEING USED IN DYNAMIC SSL CONFIG OR SSL CONFIG

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Creating a self-signed certificate in a keystore -> creating a
    dynamic outbound configuration -> adding that newly created
    certificate to the dynamic outbound config -> deleting the newly
    created certificate -> and then the non existent cert still
    shows on security.xml.
    
    This fix will prevent users from making a deletion of a
     certificate if the alias is being used in Dynamic SSL Config or
     SSL configurations. Moving forward if a user tries to delete a
    certificate whose alias is used in any of the mentioned
    configurations, an error will show up on the console preventing
    them from making the deletion.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    *                  that specify a certificate alias on ssl     *
    *                  configs or dynamic outbound selections.     *
    ****************************************************************
    * PROBLEM DESCRIPTION: User is allowed to delete a certificate *
    *                      from a keystore even thought the        *
    *                      certificate is reference by other       *
    *                      configurations.                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    User is allowed to potentially mess up configuration by deleting
    a
    certificate that is still referenced by other configurations.
    

Problem conclusion

  • Fix the code to make sure the certificate is not referenced by
    any
    other configuration before removing it.
    
    The fix for this APAR is targeted for inclusion in fix pack
    9.0.5.5and 8.5.5.18
    For more information, see 'Recommended Updates for WebSphere
    Application Server':
    https://www.ibm.com/support/pages/node/715553
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH25309

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-05-12

  • Closed date

    2020-08-14

  • Last modified date

    2020-08-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850"}]

Document Information

Modified date:
14 September 2020