IBM Support

PI43727: EXPIRATION MONITOR STOPPED WORKING IF THE CERTIFICATE IS NOT GENERATED BY WEBSPHERE APPLICATION SERVER

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • If a certificate is not generated by WebSphere Application
    Server, it won't be removed automatically, but just log the
    information which indicates that the certificate has been
    expired in the email or systemout.log
    
    CERTIFICATE EXPIRATION MONITOR is not logging any expired
    certificate message in systemout.log or email
    

Local fix

  • manually remove the expired certificates
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: Certificate Expiration Monitor might    *
    *                      stop working in some conditions.        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When an expired chained certificate which was not signed by
    the WebSphere Application Server is stored in the root-key
    file, the Certificate Expiration Monitor might fail to replace
    this certificate. As a result, the entire process of the
    Certificate Expiration Monitor fails to notify or replace the
    expired certificates.
    

Problem conclusion

  • With this fix, the Certificate Expiration Monitor is
    functional even if this condition happens.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 7.0.0.39, 8.0.0.12, and 8.5.5.8.  Please refer to
    the Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI43727

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-06-24

  • Closed date

    2015-07-21

  • Last modified date

    2015-07-21

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PI43727

Modified date: 21 July 2015