Fixes are available
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
Using Business Process Manager version 8.5.6 with WebSphere Application Server (WSAS) version 8.5, a problem occurs when trying to enable FIPS. From the WSAS Administrative Console, on the SSL certificate and key management > Manage FIPS panel, attempting to Enable FIPS 140-2 returns "null".
Local fix
n/a
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server who configured keystore that contains private or secret keys.
PROBLEM DESCRIPTION: FIPS command throws NullPointerException when trying to check private or secret keys for compliance.
RECOMMENDATION:
FIPS command "ListCertStatusForSecurityStandard" throws NullPointerException when trying to check private or secret keys for compliance.
Problem conclusion
The code has been fixed to correct the NullPointerException.
It is currently a limitation of WebSphere Application Server that key lengths in secret keys are not evaluated for FIPS sp800-131a compliance. If secret keys are in keystores, please check their key lengths by using iKeyman in the {WebSphere_install_dir}\java\jre\bin directory or other keystore tools. The following documentation contains recommended key lengths for algorithms:
http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
This APAR added the following trace output when WebSphere Application Server detects keys that are not evaluated:
NOT_FOR_EVALUATION reason=Not evaluated for FIPS compliance. (private or secret key)
The trace output is printed when the SSL=all trace option is turned on.
The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.7. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
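One way to do the manual secret-key check described above with the standard Java KeyStore API. This is an added example, not IBM code and not part of the APAR. The class name, the 112-bit floor and the assumption that every key entry uses the keystore password are illustrative and should be checked against SP 800-131A and your own configuration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.SecretKey;

// Added example: lists the secret keys in a keystore with their encoded length.
public class SecretKeyLengthCheck {
    // Assumption: 112 bits used as the floor; confirm the limit for each
    // algorithm against SP 800-131A before relying on the result.
    static final int MIN_BITS = 112;

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): java SecretKeyLengthCheck <keystore> <type>");
            System.exit(2);
        }
        // Assumption: each key entry is protected by the keystore password.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(args[1]); // e.g. JCEKS or PKCS12
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        int flagged = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;        // certificate-only entry
            Key key = ks.getKey(alias, password);
            if (!(key instanceof SecretKey)) continue;  // private keys are skipped here
            byte[] raw = key.getEncoded();
            if (raw == null) {                          // key material not exportable
                System.out.printf("%s %s length unknown: REVIEW%n", alias, key.getAlgorithm());
                flagged++;
                continue;
            }
            // Encoded size; for DES/DESede this includes parity bits,
            // so the effective strength is lower than the number shown.
            int bits = raw.length * 8;
            boolean ok = bits >= MIN_BITS;
            if (!ok) flagged++;
            System.out.printf("%s %s %d bits: %s%n", alias, key.getAlgorithm(), bits, ok ? "ok" : "REVIEW");
        }
        java.util.Arrays.fill(password, '\0');
        System.exit(flagged == 0 ? 0 : 1);
    }
}
```

The program exits with status 1 when any secret key needs review, so it can be run per keystore as part of a compliance check before enabling FIPS 140-2.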
Temporary fix
Comments
APAR Information
APAR number
PI38917
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-04-11
Closed date
2015-06-04
Last modified date
2015-06-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
Document Information
Modified date:
28 April 2022