A fix is available
APAR status
Closed as unreproducible.
Error description
When the IIM Nonsecure SSL mode is turned on, IIM should ignore the certificate check errors. for example, when below command is run: imcl listAvailablePackages -preferences com.ibm.cic.common.core.preferences.ssl.nonsecureMode=true -repositories https://www.ibm.com/software/repositorymanager/com.ibm.isa.offer ings.v5 -prompt It is expected that the IIM will ignore the SSL certificate checks, but IIM still error out with error messages like this: Nonsecure SSL connection to ''www-912.ibm.com'' allowed in nonsecure SSL mode. Name according to certificate ''129.42.160.32''. Exception java.security.cert.CertificateException: hostname in certificate did not match: <www-912.ibm.com> != <xxx.yy.zz.ss> at com.ibm.cic.common.core.internal.downloads.CicX509TrustManager.v erifyHostname(CicX509TrustManager.java:137) at com.ibm.cic.common.core.internal.downloads.CicX509TrustManager.c heckServerTrusted(CicX509TrustManager.java:97) at com.ibm.jsse2.wc.checkServerTrusted(wc.java:57) at com.ibm.jsse2.bb.a(bb.java:540) ....
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * The issue described was not reproducible and no users will * * be affected. * **************************************************************** * PROBLEM DESCRIPTION: * * When the IBM Installation Manager Nonsecure SSL mode is * * turned on, Installation Manager should ignore * * the certificate check errors. for example, when below * * command is * * run: * * imcl listAvailablePackages -preferences * * com.ibm.cic.common.core.preferences.ssl.nonsecureMode=true * * -repositories * * https://www.ibm.com/software/repositorymanager/com.ibm.isa.o * * ffer * * ings.v5 -prompt * **************************************************************** * RECOMMENDATION: * * The original issue reported can not be reproduced in Lab, * * that is, certificate checks are indeed bypassed and working * * as designed in the IBM Installation Manager code when the * * flag * * com.ibm.cic.common.core.preferences.ssl.nonsecureMode=true * * is turned on. The original cause of the IBM Installation * * Manager networking errors appears to be caused by * * environmental issues and not certificate checking code * * related. * ****************************************************************
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
PI41412
Reported component name
IBM INSTALL MGR
Reported component ID
RATLIMG00
Reported release
182
Status
CLOSED UR5
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-05-19
Closed date
2015-09-09
Last modified date
2016-01-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R100 PSN
UP
R111 PSN
UP
R112 PSN
UP
R120 PSN
UP
R121 PSN
UP
R130 PSN
UP
R131 PSN
UP
R132 PSN
UP
R133 PSN
UP
R134 PSN
UP
R140 PSN
UP
R141 PSN
UP
R142 PSN
UP
R143 PSN
UP
R144 PSN
UP
R150 PSN
UP
R151 PSN
UP
R152 PSN
UP
R153 PSN
UP
R160 PSN
UP
R161 PSN
UP
R162 PSN
UP
R163 PSN
UP
R170 PSN
UP
R171 PSN
UP
R172 PSN
UP
R173 PSN
UP
R174 PSN
UP
R180 PSN
UP
R181 PSN
UP
R182 PSN
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSDV2W","label":"IBM Installation Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.8.2","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
25 October 2021