Date: Wed, 11 Jul 2001 18:23:01 -0400 From: madodelatptdprolog.net Subject: [VOICENWS] WebSphere EMERGENCY: Application Server Could Stop on July 19, 2001 From: "Timothy Sipples" Dear Friends: IBM is trying to alert its customers to a potential problem which could affect WebSphere Application Server. To the best of my knowledge, this alert also applies to users of WebSphere Application Server for OS/2 Warp (available through IBM Software Choice). If you are using the DummyKey Ring provided by IBM with WebSphere, and you have enabled security, you run the risk of stopping WebSphere on July 19, 2001. Read on for more information on how to deal with this potential problem. If you are not using the IBM-provided DummyKey Ring and/or do not have security enabled, or if you are using WebSphere Application Server for OS/390, please disregard this notice. THE PROBLEM: The IBM-provided DummyKey Ring in certain releases of WebSphere Application Server has a certificate expiration date of July 19, 2001. WebSphere Application Server releases prior to 3.5.3 or 3.02.4 on all platforms except OS/390 are likely affected. All communications to/from the server will halt when the certificate expires, if security has been enabled. If multiple servers are tied together for communications, all servers must have the same level of unexpired certificates in order to continue functioning. IDENTIFICATION: The Dummy KeyRing sample certificate expiration on July 19, 2001, will affect you only if ALL of the following conditions are true: 1. Running WebSphere Application Server Version 3.0, 3.0.1, 3.0.2, 3.0.2.1, 3.0.2.2, 3.0.2.3, 3.5, 3.5.1, or 3.5.2. ==> Verify by looking in the ...\properties\com\ibm\websphere directory. Look inside the product.properties (3.0.x) or product.xml (3.5.x) file. 2. eFix PQ47370 is NOT applied. ==> Verify by looking in the ...\bin\admin.config file. PQ47370 is not applied if there is no reference to a PQ47370.jar file. (PQ47370 contains an updated sample certificate.) 3. The DummyKeyring sample certificate is being used (rather than using your own secure keyring). ==> Verify by looking in the ...\properties\sas.server.props file. This IBM-provided sample certificate is not being used if there's no reference to the DummyKeyring. RESOLUTION: Create your own dummy keyring, as explained in the WebSphere InfoCenter in Section 5.5.6.1.5: "Example: Generating and Using Test Certificates." Other temporary resolutions are possible by installing IBM's updated sample keyring (which has an expiration date of January 19, 2004). For more information on IBM WebSphere Application Server support, please visit: http://www.ibm.com/software/webservers/appserv/support.html NOTE: The sample Dummy Keyring is provided in all WebSphere Application Server releases as a convenience only, for setting up SSL communications on an initial, temporary basis. As documented, use of this sample keyring could compromise security and is not recommended for other than test, development, or internal usage. IBM encourages customers running WebSphere Application Server for OS/2 Warp to participate in online forums to exchange information on this and other technical support issues. Please feel free to report your experiences with this information to other users in the appropriate newsgroups. - - - - - Timothy F. Sipples IBM WebSphere & Business Connect Software (Chicago, IL) and IBM Consultant to the U.S. Bureau of Transportation Statistics (Wash., DC) ----------- To unsubscribe yourself from this list, send the following message to majormajoratos2voice.org unsubscribe news end If you have an announcement you would like posted to the VOICE News list, please send it to submitatos2voice.org. Please include a valid reply address and a real contact name. If you wish to comment on this post, please reply to feedbackatos2voice.org