Wednesday, 1 February 2012

IBM WebSphere Application Server - Working with Secure Sockets Layer and LDAP

We needed to apply this iFix to WebSphere Application Server 7.0.0.17 (under IBM Connections 3.0.1) in order to allow WAS to pull/use the root CA SSL certificates from the client's Active Directory servers via their Big IP F5 Load Balancer.


Abstract

The end cert is typically shorter lived than the root certificate so the tasks are changed to get the root certificate.

Error Description

The retrieveSignerFromPort task should return the root signer certificate from the port's certificate chain when available.

Users Affected

All users of IBM WebSphere Application Server that use the console or task options to retrieve signers from port of remote servers.

Prior to this, we were seeing different behaviour between Connections and WebSphere Portal, which runs on WAS 7.0.0.19 - Portal was automatically pulling back the root CA certificates, whereas Connections was pulling the "end" certificates, and occasionally throwing up chaining errors :-(

I opened a PMR with IBM Support, and discovered that this iFix was sneaked into WAS 7.0.0.19 and above, which explained why Portal was working differently to Connections.

Seemples :-)
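The selection rule quoted in the Error Description above, written out as an added Python example (not IBM's code and not part of the original post): given the chain a port presents, return the root signer when it is in the chain. The function names, the fallback to the last certificate presented and the constructed skeleton certificates are assumptions of this example.

```python
def _tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:                           # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    else:
        length = first
    return tag, off, off + length

def issuer_and_subject(der):
    """Raw DER bytes of the issuer and subject Names in tbsCertificate."""
    _, cert_start, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, off, tbs_end = _tlv(der, cert_start)    # tbsCertificate SEQUENCE
    fields = []
    while off < tbs_end and len(fields) < 5:
        tag, _, end = _tlv(der, off)
        if tag != 0xA0:                        # skip the optional [0] version
            fields.append(der[off:end])
        off = end
    return fields[2], fields[4]   # serial, sigAlg, issuer, validity, subject

def pick_signer(chain):
    """chain: DER certs as presented on the port, leaf first.
    Returns (cert, is_root). A cert whose issuer equals its subject is
    treated as the root; this compares names only and verifies no signature.
    Falling back to the last cert is this example's assumption."""
    for der in chain:
        issuer, subject = issuer_and_subject(der)
        if issuer == subject:
            return der, True
    return chain[-1], False

# --- constructed skeleton certificates (unsigned, sample data only) ---
def _enc(tag, body):
    return bytes([tag, len(body)]) + body      # short-form lengths suffice here

def _name(cn):
    attr = _enc(0x30, bytes.fromhex("0603550403") + _enc(0x0C, cn.encode()))
    return _enc(0x30, _enc(0x31, attr))

def sample_cert(subject_cn, issuer_cn):
    tbs = (bytes.fromhex("a003020102") + _enc(0x02, b"\x01") + _enc(0x30, b"")
           + _name(issuer_cn) + _enc(0x30, b"") + _name(subject_cn))
    return _enc(0x30, _enc(0x30, tbs))

LEAF = sample_cert("ldap.example.com", "Example Root CA")
ROOT = sample_cert("Example Root CA", "Example Root CA")
```

A real PEM certificate can be converted with `ssl.PEM_cert_to_DER_cert()` before being passed in; when `is_root` comes back `False`, the port did not present its root and the signer stored will expire with the shorter-lived certificate.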
