PTF Cover Letter
PTF ( Program Temporary Fixes ) Cover letter
OSP-CERT POPULATE STORE WITH CA CERTIFICATES NEEDS AN UPDATE
Pre/Co-Requisite PTF / Fix List
REQ LICENSED PTF/FIX LEVEL
TYPE PROGRAM RELEASE NUMBER MIN/MAX OPTION
---- -------- --------- ------- ------- ------
PRE 5770SS1 V7R3M0 SI75928 NONE 0034
CO 5770SS1 V7R3M0 SI77121 NONE 0034
NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels. This PTF may be a prerequisite
for future PTFs. By applying this PTF you authorize and agree to the
foregoing.
This PTF is subject to the terms of the license agreement which
accompanied, or was contained in, the Program for which you are obtaining
the PTF. You are not authorized to install or use the PTF except as part
of a Program for which you have a valid Proof of Entitlement.
SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.
The applicable license agreement may have been provided to you in printed
form and/or may be viewed using the Work with Software Agreements (WRKSFWAGR)
CL command.
APAR Error Description / Circumvention
-----------------------------------------------
The list of certificates in the populate a certificate store
with CA certificates contains older certificates. Many root and
intermediate CA certificates have been created since this list
was created and therefore needs an update.
CORRECTION FOR APAR SE76138 :
-----------------------------
The certificates in the Populate with CA Certificates
functionality has been increased to included many more
intermediate and root CA certificates. The list of certificates
available with this functionality is below. The certificates
added with the update are marked with a '*'.
* DIGICERT_EV_RSA_CA_G2
* DIGICERT_EXTENDED_VALIDATION_CA_G3
DIGICERT_GLOBAL_CA_G2
DIGICERT_GLOBAL_CA_G3
* DIGICERT_GLOBAL_G2_TLS_RSA_SHA256_2020_CA1
* DIGICERT_GLOBAL_G3_TLS_ECC_SHA384_2020_CA1
* DIGICERT_GLOBAL_ROOT_CA
DIGICERT_GLOBAL_ROOT_G2
DIGICERT_GLOBAL_ROOT_G3
* DIGICERT_HIGH_ASSURANCE_EV_ROOT_CA
* DIGICERT_SHA2_EXTENDED_VALIDATION_SERVER_CA
* DIGICERT_SHA2_SECURE_SERVER_CA
* DIGICERT_TLS_HYBRID_ECC_SHA384_2020_CA1
* DIGICERT_TLS_RSA_SHA256_2020_CA1
* DIGICERT_TRUSTED_G4_TLS_RSA_SHA384_2020_CA1
DIGICERT_TRUSTED_ROOT_G4
DIGICERT_TRUSTED_SERVER_CA_G4
* ENTRUST_CERTIFICATE_AUTHORITY_L1F
* ENTRUST_CERTIFICATE_AUTHORITY_L1J
* ENTRUST_CERTIFICATE_AUTHORITY_L1K
* ENTRUST_CERTIFICATE_AUTHORITY_L1M
ENTRUST_ROOT_CA_EC1
ENTRUST_ROOT_CA_G2
* GEOTRUST_EV_RSA_CA_2018
* GEOTRUST_EV_RSA_CA_G2
GEOTRUST_PRIMARY_CA_G2
GEOTRUST_PRIMARY_CA_G3
* GEOTRUST_RSA_CA_2018
* GEOTRUST_TLS_RSA_CA_G1
* GLOBALSIGN_ECC_ROOT_CA_R5
* GLOBALSIGN_EXTENDED_VALIDATION_CA_SHA256_G3
* GLOBALSIGN_ORG_VALIDATED_CA_SHA256_G4
* GLOBALSIGN_ROOT_CA
* GLOBALSIGN_ROOT_CA_R3
* GLOBALSIGN_ROOT_CA_R6
* GLOBALSIGN_ROOT_E46
* GLOBALSIGN_ROOT_R46
* GLOBALSIGN_RSA_OV_SSL_CA_2018
* GLOBALSIGN_TRUSTED_ROOT_CA_SHA256_G2
GODADDY_ROOT_CA_G2
* GODADDY_ROOT_CA_G3
* GODADDY_ROOT_CA_G4
GODADDY_SECURE_CA_G2
* GODADDY_SECURE_CA_G3
* GODADDY_SECURE_CA_G4
* ISRG_ROOT_X1
* ISRG_ROOT_X2
* E1_LETS_ENCRYPT
* R3_LETS_ENCRYPT
* RAPIDSSL_ECC_CA_2018
* RAPIDSSL_RSA_CA_2018
* RAPIDSSL_TLS_RSA_CA_G1
SYMANTEC_CLASS1_PRIMARY_CA_G6
SYMANTEC_CLASS2_PRIMARY_CA_G6
SYMANTEC_CLASS3_ECC_SSL_CA
SYMANTEC_CLASS3_SECURE_SERVER_SSL_CA
* THAWTE_EV_RSA_CA_2018
* THAWTE_EV_RSA_CA_G2
THAWTE_EV_SHA256_SSL_CA
THAWTE_PRIMARY_ROOT_CA_G2
THAWTE_PRIMARY_ROOT_CA_G3
* THAWTE_RSA_CA_2018
THAWTE_SHA256_SSL_CA
* THAWTE_TLS_RSA_CA_G1
VERISIGN_CLASS3_PRIMARY_CA_G4
VERISIGN_UNIVERSAL_ROOT_CA
CIRCUMVENTION FOR APAR SE76138 :
--------------------------------
None.
Activation Instructions
None.
Special Instructions
********************************************************************
THE FOLLOWING ARE SUPERSEDED SPECIAL INSTRUCTIONS. IF THE SUPERSEDED
PTF HAS ALREADY BEEN APPLIED AND ITS SPECIAL INSTRUCTION FOLLOWED,
IT IS NOT NECESSARY TO FOLLOW THAT SPECIAL INSTRUCTION AGAIN.
********************************************************************
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI75896 :
=================================================
Restart the affected HTTP Server.
Restart the HTTP Admin server.
Restart web administration server.
After applying or removing this PTF,
end and restart the HTTP administration server.
After applying or removing this PTF,
end and restart the HTTP administration server.
After loading and applying this PTF, all affected TCP/IP servers should
be ended and restarted.
Default Instructions
THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.
Supersedes
PTF/FIX NO(S). APAR TITLE LINE
-------------- ------------------------------------------------------------
SI76550 OSP-DCM ERROR CREATING RSA WITH SHA-512 WITH KEY IN HARDWARE
SI75896 OSP-CERT-MSGMCH6903 MSGMCH6903 OCCURS IN HTTP SERVER JOB WHE
SI75010 OSP-DCM EXPORT CERTIFICATE STORE FOR JAVA COMPATIBILITY
SI74386 OSP DCM SUPPORT UNASSIGN DEFAULT CERTIFICATE FOR STORE
SI73547 OSP-DCM PKCS#12 GENERATED BY DCM NOT JAVA COMPATIBLE
SI72327 Support for TLS 1.3 (sic2)
SI71387 OSP-CERT-INCORROUT DCM NOT HANDLING PKCS12 CERTIFICATE CORRE
SI69860 OSP-DCM CERTIFICATE ENHANCEMENTS FOR BROWSER COMPATABILITY
SI68866 OSP-ANALYZE UNKOWN ERROR VALUE FROM GSKIT
SI67280 OSP-DCM REQUIRED INDEX FILE LOCKED DURING FTP SERVER START
SI67009 OSP-INCORROUT CHROME REPORTS LOCAL CA ISSUED CERTIFICATE AS
SI66099 Enhanced CMSv4 Hashing Support
SI66078 OSP-DCM CREATE CERTIFICATE DOES NOT PRODUCE CORRECT SAN FIEL
SI65752 OSP-DCM PROVIDE SAN FIELDS ON CERTIFICATE REQUEST
SI65662 OSP-DCM CERTIFICATE VALIDATION ERROR DURING PKCS12 IMPORT
SI65438 OSP-UNKNOWN EXTENSION PREVENTS CERTIFICATE IMPORT
SI64279 OSP-SECURITY Enhanced CMS key store support
SI63969 OSP-CERT ASN.1 ERROR WHEN FRIEND NAME HAS INVALID CHARACTERS
SI63882 OSP-CERT ISSUER NOT FOUND WHEN IMPORTING PFX FILE
SI63882 OSP-SECURITY DCM MUTEX LOCKS AFFECT SYSTEM PERFORMANCE
SI63814 OSP-CERT VALIDATE CERTIFICATE FAILS WITH MANY SAN ENTRIES
SI63004 OSP MSGMCH6902 FROM QYCSCMS DESTRUCTOR WITH MULTIPLE THREADS
SI62452 OSP-PERFM MUTEX LEAKS CAUSE MACHINE FAULTING DURING CLEANUP
SI59390 OSP-INCORROUT Make CMSv4 default store type
SI59273 OSP-CERT UNALBE TO IMPORT CERT WITH DATE GREATER THAN 2050
Summary Information
System.............................. i
Models..............................
Release............................. V7R3M0
Licensed Program.................... 5770SS1
APAR Fixed.......................... View details for APAR SE76138
Superseded by:...................... View fix details for PTF SI79678
Recompile........................... N
Library............................. QICSS
MRI Feature ........................ NONE
Cum Level........................... C2132730
IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information.
Was this topic helpful?
Document Information
Modified date:
25 May 2022