IBM Support

SI77131 - OSP-CERT POPULATE STORE WITH CA CERTIFICATES NEEDS AN UPDATE

PTF Cover Letter


PTF ( Program Temporary Fixes ) Cover letter


Order this fix

Abstract

OSP-CERT POPULATE STORE WITH CA CERTIFICATES NEEDS AN UPDATE


Pre/Co-Requisite PTF / Fix List

REQ  LICENSED           PTF/FIX  LEVEL

TYPE PROGRAM  RELEASE   NUMBER   MIN/MAX  OPTION
---- -------- --------- -------  -------  ------
PRE  5770SS1  V7R4M0    SI75929   NONE     0034
CO   5770SS1  V7R4M0    SI77132   NONE     0034
CO   5770SS1  V7R4M0    SI71179   NONE     0034



NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels.  This PTF may be a prerequisite
for future PTFs.  By applying this PTF you authorize and agree to the
foregoing.

This PTF is subject to the terms of the license agreement which
accompanied, or was contained in, the Program for which you are obtaining
the PTF.  You are not authorized to install or use the PTF except as part
of a Program for which you have a valid Proof of Entitlement.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.

The applicable license agreement may have been provided to you in printed
form and/or may be viewed using the Work with Software Agreements (WRKSFWAGR)
CL command.





APAR Error Description / Circumvention

-----------------------------------------------
The list of certificates in the populate a certificate store
with CA certificates contains older certificates.  Many root and
intermediate CA certificates have been created since this list
was created and therefore needs an update.

CORRECTION FOR APAR SE76138 :
-----------------------------
The certificates in the Populate with CA Certificates
functionality has been increased to included many more
intermediate and root CA certificates.  The list of certificates
available with this functionality is below.  The certificates
added with the update are marked with a '*'.

*  DIGICERT_EV_RSA_CA_G2
*  DIGICERT_EXTENDED_VALIDATION_CA_G3
DIGICERT_GLOBAL_CA_G2
DIGICERT_GLOBAL_CA_G3
*  DIGICERT_GLOBAL_G2_TLS_RSA_SHA256_2020_CA1
*  DIGICERT_GLOBAL_G3_TLS_ECC_SHA384_2020_CA1
*  DIGICERT_GLOBAL_ROOT_CA
DIGICERT_GLOBAL_ROOT_G2
DIGICERT_GLOBAL_ROOT_G3
*  DIGICERT_HIGH_ASSURANCE_EV_ROOT_CA
*  DIGICERT_SHA2_EXTENDED_VALIDATION_SERVER_CA
*  DIGICERT_SHA2_SECURE_SERVER_CA
*  DIGICERT_TLS_HYBRID_ECC_SHA384_2020_CA1
*  DIGICERT_TLS_RSA_SHA256_2020_CA1
*  DIGICERT_TRUSTED_G4_TLS_RSA_SHA384_2020_CA1
DIGICERT_TRUSTED_ROOT_G4
DIGICERT_TRUSTED_SERVER_CA_G4
*  ENTRUST_CERTIFICATE_AUTHORITY_L1F
*  ENTRUST_CERTIFICATE_AUTHORITY_L1J
*  ENTRUST_CERTIFICATE_AUTHORITY_L1K
*  ENTRUST_CERTIFICATE_AUTHORITY_L1M
ENTRUST_ROOT_CA_EC1
ENTRUST_ROOT_CA_G2
*  GEOTRUST_EV_RSA_CA_2018
*  GEOTRUST_EV_RSA_CA_G2
GEOTRUST_PRIMARY_CA_G2
GEOTRUST_PRIMARY_CA_G3
*  GEOTRUST_RSA_CA_2018
*  GEOTRUST_TLS_RSA_CA_G1
*  GLOBALSIGN_ECC_ROOT_CA_R5
*  GLOBALSIGN_EXTENDED_VALIDATION_CA_SHA256_G3
*  GLOBALSIGN_ORG_VALIDATED_CA_SHA256_G4
*  GLOBALSIGN_ROOT_CA
*  GLOBALSIGN_ROOT_CA_R3
*  GLOBALSIGN_ROOT_CA_R6
*  GLOBALSIGN_ROOT_E46
*  GLOBALSIGN_ROOT_R46
*  GLOBALSIGN_RSA_OV_SSL_CA_2018
*  GLOBALSIGN_TRUSTED_ROOT_CA_SHA256_G2
GODADDY_ROOT_CA_G2
*  GODADDY_ROOT_CA_G3
*  GODADDY_ROOT_CA_G4
GODADDY_SECURE_CA_G2
*  GODADDY_SECURE_CA_G3
*  GODADDY_SECURE_CA_G4
*  ISRG_ROOT_X1
*  ISRG_ROOT_X2
*  E1_LETS_ENCRYPT
*  R3_LETS_ENCRYPT
*  RAPIDSSL_ECC_CA_2018
*  RAPIDSSL_RSA_CA_2018
*  RAPIDSSL_TLS_RSA_CA_G1
SYMANTEC_CLASS1_PRIMARY_CA_G6
SYMANTEC_CLASS2_PRIMARY_CA_G6
SYMANTEC_CLASS3_ECC_SSL_CA
SYMANTEC_CLASS3_SECURE_SERVER_SSL_CA
*  THAWTE_EV_RSA_CA_2018
*  THAWTE_EV_RSA_CA_G2
THAWTE_EV_SHA256_SSL_CA
THAWTE_PRIMARY_ROOT_CA_G2
THAWTE_PRIMARY_ROOT_CA_G3
*  THAWTE_RSA_CA_2018
THAWTE_SHA256_SSL_CA
*  THAWTE_TLS_RSA_CA_G1
VERISIGN_CLASS3_PRIMARY_CA_G4
VERISIGN_UNIVERSAL_ROOT_CA

CIRCUMVENTION FOR APAR SE76138 :
--------------------------------
None.


Activation Instructions


None.




Special Instructions


********************************************************************
THE FOLLOWING ARE SUPERSEDED SPECIAL INSTRUCTIONS. IF THE SUPERSEDED
PTF HAS ALREADY BEEN APPLIED AND ITS SPECIAL INSTRUCTION FOLLOWED,
IT IS NOT NECESSARY TO FOLLOW THAT SPECIAL INSTRUCTION AGAIN.
********************************************************************

SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI75897 :
=================================================

Restart the affected HTTP server.


Restart the admin servers.
ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

Restart HTTP web administration server.


Restart the HTTP web administration server.

After applying or removing this PTF,
end and restart the HTTP administration server.

Create new certificates to take advantage of the new extensions.


Default Instructions

THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.



Supersedes

PTF/FIX NO(S).  APAR TITLE LINE
--------------  ------------------------------------------------------------
   SI76551      OSP-DCM ERROR CREATING RSA WITH SHA-512 WITH KEY IN HARDWARE
   SI75897      OSP-CERT-MSGMCH6903 MSGMCH6903 OCCURS IN HTTP SERVER JOB WHE
   SI74657      OSP-DCM EXPORT CERTIFICATE STORE FOR JAVA COMPATIBILITY
   SI74384      OSP DCM SUPPORT UNASSIGN DEFAULT CERTIFICATE FOR STORE
   SI72848      OSP-DCM PKCS#12 GENERATED BY DCM NOT JAVA COMPATIBLE
   SI72258      OSP-SERVER CERT IMPORTED AS CA WITH QYKMIMPORTKEYSTORE API
   SI71389      OSP-CERT-INCORROUT DCM NOT HANDLING PKCS12 CERTIFICATE CORRE
   SI71177      OSP-CERTIFICATE CREATION WITH RSASSA-PSS SIGNATURE
   SI69309      OSP-DCM CERTIFICATE ENHANCEMENTS FOR BROWSER COMPATABILITY

Summary Information

System..............................  i
Models..............................  
Release.............................  V7R4M0
Licensed Program....................  5770SS1
APAR Fixed..........................  View details for APAR SE76138
Superseded by:......................  View fix details for PTF SI79679
Recompile...........................  N
Library.............................  QICSS
MRI Feature ........................  NONE
Cum Level...........................  C2125740


IBM i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.4.0","Product":{"code":"SWG60","label":"IBM i"},"Component":"5770SS1","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
25 May 2022