IBM Support

WebSphere Application Server WS-Security Sample Keys and Certificates are Expired

Troubleshooting


Problem

The WS-Security sample keys and certificates that are shipped with WebSphere Application Server v855 and v9 expired on 8/7/2023 and 8/8/2023.  These sample keys and certificates might be in use by production applications and need to be replaced.
The WS-Security sample keystores are not intended for use in production environments.  They are intended only for use in example tasks that are published in IBM Docs.
If you use the keys and certificates in the WS-Security sample keystores in production, your applications are at risk:
  • Anyone can get these keys and certificates. 
  • Using one of the private decryption keys, anyone can decrypt your messages. 
  • Using one of the private signing keys, anyone can sign a message to send to your endpoint and your application trusts it.

If you are using the WS-Security sample keys or certificates only when you run WS-Security sample configuration tasks in the IBM Documentation, you can find an interim fix that replaces the sample keystores at PH56482: WebSphere WS-Security sample keystores are expired.

Symptom

There are various errors that you might see in a trace file, SystemOut.log, or FFDC file.  An example is:
Exception: javax.xml.ws.soap.SOAPFaultException: java.security.PrivilegedActionException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS5181E: The following certificate, which is owned by CN=SOAPRequester, OU=TRL, O=IBM, ST=Kanagawa, C=JP with the soaprequester alias from the c:\was90517\WebSphere\AppServer\profiles\guava/etc/ws-security/samples/dsig-sender.ks keystore, has expired: java.security.cert.CertificateExpiredException: NotAfter: Tue Aug 08 12:46:30 CDT 2023 ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityGeneratorHandler$2@10737d36
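
To triage this symptom across log files, the following added example (not IBM code) extracts each expired certificate reported by CWWSS5181E and flags those loaded from a sample keystore, which must be replaced with your own keys rather than renewed. The function name, the sample-directory check, and the log lines are assumptions constructed from the message format shown above.

```python
import re
from datetime import datetime

# Field layout taken from the CWWSS5181E example message on this page.
CWWSS5181E = re.compile(
    r"CWWSS5181E: The following certificate, which is owned by (?P<owner>.+?) "
    r"with the (?P<alias>\S+) alias from the (?P<keystore>.+?) keystore, "
    r"has expired: .*?NotAfter: "
    r"(?P<stamp>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<year>\d{4})"
)
# Assumption: sample keystores sit under this profile-relative directory,
# as in the keystore path of the page's example message.
SAMPLE_DIR = "etc/ws-security/samples/"

def find_expired_certs(lines):
    """Return one finding per distinct (keystore, alias) reported as expired."""
    findings = {}
    for line in lines:
        for m in CWWSS5181E.finditer(line):
            keystore = m["keystore"].replace("\\", "/")  # normalise Windows paths
            not_after = datetime.strptime(
                f"{m['stamp']} {m['year']}", "%a %b %d %H:%M:%S %Y"
            )  # the log's timezone abbreviation is dropped
            findings[(keystore, m["alias"])] = {
                "owner": m["owner"],
                "alias": m["alias"],
                "keystore": keystore,
                "not_after": not_after,
                # True means a publicly known key is in use: replace, do not renew.
                "is_sample": SAMPLE_DIR in keystore.lower(),
            }
    return list(findings.values())

# Constructed log lines (paths and the second certificate are invented).
SAMPLE_LOG = [
    r"[8/9/23 9:00:01:000 CDT] 00000001 SystemOut O CWWSS5181E: The following certificate, which is owned by CN=SOAPRequester, OU=TRL, O=IBM, ST=Kanagawa, C=JP with the soaprequester alias from the C:\WAS\profiles\example/etc/ws-security/samples/dsig-sender.ks keystore, has expired: java.security.cert.CertificateExpiredException: NotAfter: Tue Aug 08 12:46:30 CDT 2023",
    "[8/9/23 9:00:02:000 CDT] 00000001 SystemOut O WSVR0001I: Server server1 open for e-business",
    "[1/2/24 8:00:00:000 UTC] 00000002 SystemOut O CWWSS5181E: The following certificate, which is owned by CN=example-signer, O=Example with the examplesigner alias from the /opt/example/keys/app-signer.jks keystore, has expired: java.security.cert.CertificateExpiredException: NotAfter: Mon Jan 01 00:00:00 UTC 2024",
]
SAMPLE_LOG.append(SAMPLE_LOG[0])  # repeated message, reported once

if __name__ == "__main__":
    for f in find_expired_certs(SAMPLE_LOG):
        tag = "SAMPLE KEYSTORE" if f["is_sample"] else "expired"
        print(f"{tag}: alias={f['alias']} keystore={f['keystore']} notAfter={f['not_after']}")
```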

Document Location

Worldwide

Document Information

Modified date:
03 March 2025

UID

ibm17025379