IBM Support

Certificate used to sign the IBM Rational Host On-Demand applet is revoked

Flashes (Alerts)


Abstract

What happens when the certificate used to sign the IBM Rational Host On-Demand applet is revoked or expires?

Content

The certificate used to sign the IBM Rational Host On-Demand V11 and IBM Host On-Demand V12 applet will expire during the life cycle of the product.

If at some point the certificate is stored in the Publishers list in the Java key store, you can view the certificate by opening the Java control panel, and clicking on the Security tab. Then click on Certificates. The label for the most current certificate is:

International Business Machines Corporation

In addition to the jars being signed, they are also time stamped. Applying a timestamp when you sign a JAR is strongly recommended, as it allows you to prove that IBM signed the JARs during the time interval that the code signing certificate was still valid. This allows your JARs to be validated after the certificate expires thereby prolonging the lifetime of your application.

The signer's certificate has to be valid only when the code is signed.

The purpose of this certificate is to sign the applet and has no bearing on the functionality or security functions of the product when the applet is launched. According to Java's security policy, only signed jar files or applets can be downloaded and executed using a browser. Signing the jar files for an applet provides the signer's information so the end user can choose to trust that applet or not. For further information about the signer's certificate, refer to Oracle's blog Signing code for the long-haul.

A new certificate has been used to sign the jar files for IBM Rational Host On-Demand 11.0.15, IBM Host On-Demand V12.0.1.0 and higher.

IBM Rational  Host On-Demand 11.0.15 will be available on Fix Central  to download on Nov 30,2016

IBM Host On-Demand 12.0.1.0 will be available on  Fix Central to download on Dec 7, 2016

This certificate is valid from Oct 24, 2016 through Jan 24, 2020. If you are having difficulties launching the Host On-Demand client because of the expired signer's certificate, the recommendation is to upgrade to IBM Rational Host On-Demand 11.0.15, IBM Host On-Demand V12.0.1.0 or higher.


Since the HOD jars have been signed with the new certificate, and the secure signing digest has been changed,
it has been found that some older Java versions cannot be used for the HOD client.
Please refer to the link below to see all the supported Java version

http://www-01.ibm.com/support/docview.wss?uid=swg21413688

Related Information

Previous technote

[{"Product":{"code":"SSS9FA","label":"IBM Host On-Demand"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"General Information","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF014","label":"iOS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"11.0;11.0.1.0;11.0.2.0;11.0.3.0;11.0.4.0;11.0.5.0;11.0.5.1;11.0.6;11.0.6.1;11.0.7;11.0.8;11.0.9;11.0.10;11.0.11;11.0.12;11.0.13;11.0.14;12.0.0;12.0.0.1","Edition":"All Editions","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Document Information

Modified date:
25 September 2022

UID

swg21994967

Page Feedback