APAR status
Closed as program error.
Error description
When accessing the HOD client and starting an SSL session, the client receives a com 666 indicating the certificate has expired. There is a new certificate, but the client tried to use the expired certificate by default. It seems the browser uses the expiried one by default, so the user cannot connect.
Local fix
Delete the expired certificate in the browser in order to use the newer certificate.
Problem summary
The HOD session, when configured to use MSIE browser's keyring for SSL, fails to connect if valid and expired certificates of the intermediate CA are both present in the browser's keyring. When the server's SSL certificate is signed by an intermediate CA and the CA certificates are present in the client MSIE browser's keyring, the connection failure occurs if an older/expired certificate of the intermediate CA is also present in the keyring. Once the expired certificate of intermediate CA is removed and only the valid certificates are present in the MSIE browser's keyring, the HOD session connects fine. When the valid and the expired intermediate CA certificates are present in the MSIE browser's keyring, the SSLite library used by HOD gives preference to the older/expired certificate while verifying the server's certificate. As a result, Server certificate is considered as expired/invalid and session connection fails.
Problem conclusion
SSL library has been fixed to address the issue. Fix scheduled for HOD 11.0.12 Refresh Pack
Temporary fix
Comments
APAR Information
APAR number
OA46452
Reported component name
HOD MVS
Reported component ID
5733A5900
Reported release
B08
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-11-04
Closed date
2015-02-12
Last modified date
2015-02-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
sslite
Fix information
Fixed component name
HOD MVS
Fixed component ID
5733A5900
Applicable component levels
RB0B PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSS9FA","label":"IBM Host On-Demand"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B08","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
19 April 2021