IBM Support

SE76138 - OSP-CERT POPULATE STORE WITH CA CERTIFICATES NEEDS AN UPDATE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR (Authorized Program Analysis Report)

Abstract

OSP-CERT POPULATE STORE WITH CA CERTIFICATES NEEDS AN UPDATE

Error Description

The list of certificates in the populate a certificate store    
with CA certificates contains older certificates.  Since that  
time, DigiCert acquired Symantec's CA business which also      
includes GeoTrust, Thawte, and RapidSSL. Customers that used    
these CA providers were issued new certificates and therefore  
need the new Intermediate CA certificates along with the new    
Root CA certificates in their certificate stores to establish a
trust relationship.                                            

Problem Summary

The list of certificates in the populate a certificate store    
with CA certificates contains older certificates.  Many root and
intermediate CA certificates have been created since this list  
was created and therefore needs an update.                      

Problem Conclusion

The certificates in the Populate with CA Certificates          
functionality has been increased to included many more          
intermediate and root CA certificates.  The list of certificates
available with this functionality is below.  The certificates  
added with the update are marked with a '*'.                    
                                                               
*  DIGICERT_EV_RSA_CA_G2                                        
*  DIGICERT_EXTENDED_VALIDATION_CA_G3                          
   DIGICERT_GLOBAL_CA_G2                                        
   DIGICERT_GLOBAL_CA_G3                                        
*  DIGICERT_GLOBAL_G2_TLS_RSA_SHA256_2020_CA1                  
*  DIGICERT_GLOBAL_G3_TLS_ECC_SHA384_2020_CA1                  
*  DIGICERT_GLOBAL_ROOT_CA                                      
   DIGICERT_GLOBAL_ROOT_G2                                      
   DIGICERT_GLOBAL_ROOT_G3                                      
*  DIGICERT_HIGH_ASSURANCE_EV_ROOT_CA                          
*  DIGICERT_SHA2_EXTENDED_VALIDATION_SERVER_CA                  
*  DIGICERT_SHA2_SECURE_SERVER_CA                              
*  DIGICERT_TLS_HYBRID_ECC_SHA384_2020_CA1                      
*  DIGICERT_TLS_RSA_SHA256_2020_CA1                            
*  DIGICERT_TRUSTED_G4_TLS_RSA_SHA384_2020_CA1                  
   DIGICERT_TRUSTED_ROOT_G4                                    
   DIGICERT_TRUSTED_SERVER_CA_G4                                
*  ENTRUST_CERTIFICATE_AUTHORITY_L1F                            
*  ENTRUST_CERTIFICATE_AUTHORITY_L1J                            
*  ENTRUST_CERTIFICATE_AUTHORITY_L1K                            
*  ENTRUST_CERTIFICATE_AUTHORITY_L1M                            
   ENTRUST_ROOT_CA_EC1                                          
   ENTRUST_ROOT_CA_G2                                          
*  GEOTRUST_EV_RSA_CA_2018                                      
*  GEOTRUST_EV_RSA_CA_G2                                        
   GEOTRUST_PRIMARY_CA_G2                                      
   GEOTRUST_PRIMARY_CA_G3                                      
*  GEOTRUST_RSA_CA_2018                                        
*  GEOTRUST_TLS_RSA_CA_G1                                      
*  GLOBALSIGN_ECC_ROOT_CA_R5                                    
*  GLOBALSIGN_EXTENDED_VALIDATION_CA_SHA256_G3                  
*  GLOBALSIGN_ORG_VALIDATED_CA_SHA256_G4                        
*  GLOBALSIGN_ROOT_CA                                          
*  GLOBALSIGN_ROOT_CA_R3                                        
*  GLOBALSIGN_ROOT_CA_R6                                        
*  GLOBALSIGN_ROOT_E46                                          
*  GLOBALSIGN_ROOT_R46                                          
*  GLOBALSIGN_RSA_OV_SSL_CA_2018                                
*  GLOBALSIGN_TRUSTED_ROOT_CA_SHA256_G2                        
   GODADDY_ROOT_CA_G2                                          
*  GODADDY_ROOT_CA_G3                                          
*  GODADDY_ROOT_CA_G4                                          
   GODADDY_SECURE_CA_G2                                        
*  GODADDY_SECURE_CA_G3                                        
*  GODADDY_SECURE_CA_G4                                        
*  ISRG_ROOT_X1                                                
*  ISRG_ROOT_X2                                                
*  E1_LETS_ENCRYPT                                              
*  R3_LETS_ENCRYPT                                              
*  RAPIDSSL_ECC_CA_2018                                        
*  RAPIDSSL_RSA_CA_2018                                        
*  RAPIDSSL_TLS_RSA_CA_G1                                      
   SYMANTEC_CLASS1_PRIMARY_CA_G6                                
   SYMANTEC_CLASS2_PRIMARY_CA_G6                                
   SYMANTEC_CLASS3_ECC_SSL_CA                                  
   SYMANTEC_CLASS3_SECURE_SERVER_SSL_CA                        
*  THAWTE_EV_RSA_CA_2018                                        
*  THAWTE_EV_RSA_CA_G2                                          
   THAWTE_EV_SHA256_SSL_CA                                      
   THAWTE_PRIMARY_ROOT_CA_G2                                    
   THAWTE_PRIMARY_ROOT_CA_G3                                    
*  THAWTE_RSA_CA_2018                                          
   THAWTE_SHA256_SSL_CA                                        
*  THAWTE_TLS_RSA_CA_G1                                        
   VERISIGN_CLASS3_PRIMARY_CA_G4                                
   VERISIGN_UNIVERSAL_ROOT_CA                                  

Temporary Fix

Comments

Circumvention


PTFs Available

R730 SI77118  2132

R740 SI77131  2125

Affected Modules


         
         

Affected Publications

Summary Information

Status............................  CLOSED PER
HIPER.............................  No
Component.........................  5770SS1DC
Failing Module....................  RCHMGR
Reported Release..................  R730
Duplicate Of......................  




IBM i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0; 7.4.0","Product":{"code":"SWG60","label":"IBM i"},"Component":"5770SS1","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
24 May 2022