APAR status
Closed as program error.
Error description
The IBM Spectrum Protect Operations Center may fail to start after a successful upgrade to version 7.1.8, 8.1.2 or 8.1.3, reporting the following error in the messages.log: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: no cipher suites in common This is seen because the browser cannot connect to the Liberty webserver due to the more restrictive security policy introduced by above versions. This security will no longer honor the default certificate found in the truststore "gui-truststore.jks" which is expired and using SHA1. The IBM Spectrum Protect versions 7.1.8, 8.1.2 and 8.1.3 require the SHA256 secure hashing algorithm applied to the certificate. IBM Spectrum Protect versions affected: IBM Spectrum Protect Operations Center 7.1.8.x and 8.1.2 and later on supported platforms Initial Impact: Low Additional Keywords: TSM "Spectrum Protect"
Local fix
Local Fix: The solution consists in deleting the old certificate, create a new one, and restart Liberty. These are the commands, using the values from the current default certificate. In particular, the 'expire' value is the number of days the certificate is valid. In below example we used three years, 3*365=1095. ikeycmd -cert -delete -db gui-truststore.jks -label 'default' ikeycmd -cert -create -db gui-truststore.jks -label 'default' -sig_alg SHA256withRSA -size 2048 -DN "CN=localhost, OU=guiServer, O=ibm, C=us" -expire 1095
Problem summary
**************************************************************** * USERS AFFECTED: * * All IBM Spectrum Protect Operations Center users. * **************************************************************** * PROBLEM DESCRIPTION: * * See error description. * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in levels 8.1.6. Note that this is * * subject to change at the discretion of IBM. * ****************************************************************
Problem conclusion
This problem was fixed. Affected platforms for reported release: AIX, Linux, and Windows. Platforms fixed: AIX, Linux, and Windows.
Temporary fix
Comments
APAR Information
APAR number
IT23586
Reported component name
TSM OPERATIONS
Reported component ID
5608E01UI
Reported release
713
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-12-28
Closed date
2018-07-09
Last modified date
2018-07-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TSM OPERATIONS
Fixed component ID
5608E01UI
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"713","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
09 July 2018