Wednesday, 1 February 2012
IBM WebSphere Application Server - Working with Secure Sockets Layer and LDAP
We needed to apply this iFix to WebSphere Application Server 220.127.116.11 (under IBM Connections 3.0.1) in order to allow WAS to pull/use the root CA SSL certificates from the client's Active Directory servers via their Big IP F5 Load Balancer.
The end cert is typically shorter lived than the root certificate so the tasks are changed to get the root certificate.
The retrieveSignerFromPort task should return the root signer certificate from the port's certificate chain when available.
All users of IBM WebSphere Application Server that use the console or task options to retrieve signers from port of remote servers.
Prior to this, we were seeing different behaviour between Connections and WebSphere Portal, which runs on WAS 18.104.22.168 - Portal was automatically pulling back the root CA certificates, whereas Connections was pulling the "end" certificates, and occasionally throwing up chaining errors :-(
I opened a PMR with IBM Support, and discovered that this iFix was sneaked into WAS 22.214.171.124 and above, which explained why Portal was working differently to Connections.
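The selection rule described above (return the root signer from the port's chain when available, otherwise fall back to what the server presented), as an added illustration that is not IBM's code and not part of the original post. The `Cert` model, the `pick_signer` function and the sample chain are constructed for this example.

```python
from datetime import datetime
from typing import List, NamedTuple, Tuple


class Cert(NamedTuple):
    """Minimal stand-in for an X.509 certificate (constructed model)."""
    subject: str
    issuer: str
    not_after: datetime

    @property
    def self_signed(self) -> bool:
        # Name comparison only; a real check also verifies the signature.
        return self.subject == self.issuer


def pick_signer(chain: List[Cert]) -> Tuple[Cert, bool]:
    """Follow issuer links from the leaf (chain[0]).

    Returns (certificate to trust, True if it is the root).
    """
    by_subject = {c.subject: c for c in chain}
    current, seen = chain[0], set()
    while not current.self_signed and current.subject not in seen:
        seen.add(current.subject)
        parent = by_subject.get(current.issuer)
        if parent is None:  # issuer not presented: root not available
            return current, False
        current = parent
    return current, current.self_signed


# Constructed sample chain, in the order a server would present it.
LEAF = Cert("CN=ldap.example.test", "CN=Example Issuing CA", datetime(2013, 2, 1))
ISSUING = Cert("CN=Example Issuing CA", "CN=Example Root CA", datetime(2017, 2, 1))
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", datetime(2032, 2, 1))

if __name__ == "__main__":
    for chain in ([LEAF, ISSUING, ROOT], [LEAF, ISSUING], [LEAF]):
        cert, is_root = pick_signer(chain)
        print(f"{len(chain)} cert(s) presented -> trust {cert.subject}"
              f" (root={is_root}, expires {cert.not_after:%Y-%m-%d})")
```

When the fallback returns a non-root certificate, the trust store entry expires with that shorter-lived certificate and has to be refreshed at each renewal.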