IBM Support

PI41412: IBM INSTALLATION MANAGER SHOULD BYPASS CERTIFICATE CHECKS WHEN "NONSECURE SSL MODE" IS TURNED ON.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible.

Error description

  • When the IIM Nonsecure SSL mode is turned on, IIM should ignore
    the certificate check errors. for example, when below command is
    run:
    imcl listAvailablePackages -preferences
    com.ibm.cic.common.core.preferences.ssl.nonsecureMode=true
    -repositories
    https://www.ibm.com/software/repositorymanager/com.ibm.isa.offer
    ings.v5 -prompt
    It is expected that the IIM will ignore the SSL certificate
    checks, but IIM still error out with error messages like this:
    Nonsecure SSL connection to ''www-912.ibm.com'' allowed in
    nonsecure SSL mode. Name according to certificate
    ''129.42.160.32''. Exception
    java.security.cert.CertificateException:
    hostname in certificate did not match: <www-912.ibm.com> !=
    <xxx.yy.zz.ss>
    at
    com.ibm.cic.common.core.internal.downloads.CicX509TrustManager.v
    erifyHostname(CicX509TrustManager.java:137)
    at
    com.ibm.cic.common.core.internal.downloads.CicX509TrustManager.c
    heckServerTrusted(CicX509TrustManager.java:97)
    at com.ibm.jsse2.wc.checkServerTrusted(wc.java:57)
    at com.ibm.jsse2.bb.a(bb.java:540)
    ....
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * The issue described was not reproducible and no users will   *
    * be affected.                                                 *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * When the IBM Installation Manager Nonsecure SSL mode is      *
    * turned on, Installation Manager should ignore                *
    * the certificate check errors. for example, when below        *
    * command is                                                   *
    * run:                                                         *
    * imcl listAvailablePackages -preferences                      *
    * com.ibm.cic.common.core.preferences.ssl.nonsecureMode=true   *
    * -repositories                                                *
    * https://www.ibm.com/software/repositorymanager/com.ibm.isa.o *
    * ffer                                                         *
    * ings.v5 -prompt                                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * The original issue reported can not be reproduced in Lab,    *
    * that is, certificate checks are indeed bypassed and working  *
    * as designed in the IBM Installation Manager code when the    *
    * flag                                                         *
    * com.ibm.cic.common.core.preferences.ssl.nonsecureMode=true   *
    * is turned on. The original cause of the IBM Installation     *
    * Manager networking errors appears to be caused by            *
    * environmental issues and not certificate checking code       *
    * related.                                                     *
    ****************************************************************
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI41412

  • Reported component name

    IBM INSTALL MGR

  • Reported component ID

    RATLIMG00

  • Reported release

    182

  • Status

    CLOSED UR5

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-05-19

  • Closed date

    2015-09-09

  • Last modified date

    2016-01-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • R100 PSN

       UP

  • R111 PSN

       UP

  • R112 PSN

       UP

  • R120 PSN

       UP

  • R121 PSN

       UP

  • R130 PSN

       UP

  • R131 PSN

       UP

  • R132 PSN

       UP

  • R133 PSN

       UP

  • R134 PSN

       UP

  • R140 PSN

       UP

  • R141 PSN

       UP

  • R142 PSN

       UP

  • R143 PSN

       UP

  • R144 PSN

       UP

  • R150 PSN

       UP

  • R151 PSN

       UP

  • R152 PSN

       UP

  • R153 PSN

       UP

  • R160 PSN

       UP

  • R161 PSN

       UP

  • R162 PSN

       UP

  • R163 PSN

       UP

  • R170 PSN

       UP

  • R171 PSN

       UP

  • R172 PSN

       UP

  • R173 PSN

       UP

  • R174 PSN

       UP

  • R180 PSN

       UP

  • R181 PSN

       UP

  • R182 PSN

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSDV2W","label":"IBM Installation Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.8.2","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
25 October 2021