IBM Support

Possible P8 security exposure on April 26, 2012, if using the Web Server Plug-in for WebSphere Application Server



P8 servers and applications may face a security exposure because SSL connections between WebSphere Application Server and the web server plug-in might fail or revert to non-SSL after the shipped version of the plugin-key.kdb password expires April 26, 2012 US EDT.


As specified in this WebSphere Application Server Flash Alert, P8 applications such as Workplace XT (including applets) and any Content Engine API (both .Net and Java) applications using the HTTPS endpoint, may either stop communicating or shift to unsecured communications to the application server in a secured transport.

This problem affects you if all the following are true:
1. You use any WebSphere Application Server version 6.x through 8.x.
2. You use the WebSphere Application Server Web Server plug-in with a web server such as IBM HTTP Server (IHS).
3. You use SSL communications between the web server and WebSphere Application Server (client browser to web server SSL is unaffected).
4. You use the default keystore.
5. You have not changed the default password for the keystore.

If you are affected by this alert, please use the instructions in the included WebSphere Application Server Flash Alert link in order to avoid this issue.

Related information

WebSphere Application Server Flash Alert

Document information

More support for: FileNet P8 Platform
Content Engine

Software version: 4.0, 4.5, 4.5.1, 5.0, 5.1

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 1592371

Modified date: 13 December 2012