IBM Support

PI59374: Certificate expiration reporting for IBM HTTP Server

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • IBM HTTP Server cannot report on certificate expiration at
    start
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM HTTP Servers with SSL enabled.          *
    ****************************************************************
    * PROBLEM DESCRIPTION: Certificate expiration checking         *
    *                      unavailable.                            *
    ****************************************************************
    * RECOMMENDATION:  Apply this fix if using SSL with IBM HTTP   *
    *                  Server.                                     *
    ****************************************************************
    IBM HTTP Server has not had the ability to assist users with
    identifying certificates that are nearing expiration or have
    already expired.
    

Problem conclusion

  • The optional 'SSLCheckCertificateExpiration' directive was
    added to check for expiring certificates at startup and report
    on TLS certificates that will expire within a specified number
    of days.
    
    If this directive is specified with a days parameter greater
    than zero, IHS  will check the validity range of each
    certificate (personal, issuer, and immediate) in each
    configured KeyFile during SSL initialization.
    
    For each certificate expiring within the specified number of
    days, the server will write a ALERT level message to the
    servers ErrorLog with the message ID "SSL0191E".
    
    If this directive is enabled, certificates which have already
    expired are printed at NOTICE level with message ID
    "SSL0192E", unless the second parameter is the string
    "no_expired".  To report only expired certificates, specify -1
    for the first parameter.
    
    This fix is targeted for IBM HTTP Server fix packs:
    - 8.0.0.13
    - 8.5.5.10
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI59374

  • Reported component name

    IBM HTTP SERVER

  • Reported component ID

    5724J0801

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-03-18

  • Closed date

    2016-04-01

  • Last modified date

    2016-04-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM HTTP SERVER

  • Fixed component ID

    5724J0801

Applicable component levels

  • R800 PSY

       UP

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022