News
Abstract
P8 servers and applications may face a security exposure because SSL connections between WebSphere Application Server and the web server plug-in might fail or revert to non-SSL after the shipped version of the plugin-key.kdb password expires April 26, 2012 US EDT.
Content
As specified in this WebSphere Application Server Flash Alert, P8 applications such as Workplace XT (including applets) and any Content Engine API (both .Net and Java) applications using the HTTPS endpoint, may either stop communicating or shift to unsecured communications to the application server in a secured transport.
This problem affects you if all the following are true:
1. You use any WebSphere Application Server version 6.x through 8.x.
2. You use the WebSphere Application Server Web Server plug-in with a web server such as IBM HTTP Server (IHS).
3. You use SSL communications between the web server and WebSphere Application Server (client browser to web server SSL is unaffected).
4. You use the default keystore.
5. You have not changed the default password for the keystore.
Solution
If you are affected by this alert, please use the instructions in the included WebSphere Application Server Flash Alert link in order to avoid this issue.
Related information
WebSphere Application Server Flash Alert
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.