Direct link to fix
APAR status
Closed as program error.
Error description
When changing the signer of IAM's route certificate, UMS SSO fails to connect. This error can be seen in the liberty server logs: CWPKI0823E: SSL HANDSHAKE FAILURE: A signer with SubjectDN [root CA info ] was sent from the host [URL]. The signer might need to be added to local trust store [/opt/ibm/wlp/usr/shared/resources/security/truststore/pkcs12/se rver.p12], located in SSL configuration alias defaultSSLConfig]. The error shows that the new root CA associated with recently configured certificates is not trusted by UMS. PRODUCTS AFFECTED IBM Cloud Pak for Business Automation
Local fix
After a restart of the UMS PODS the new IAM root CA will be added to the UMS truststore
Problem summary
PRODUCTS AFFECTED IBM Cloud Pak for Business Automation
Problem conclusion
A fix is available or will be available that restarts the UMS pods upon detecting a change to IAM's route certificate to ensure the new signer is available in UMS' truststore.
Temporary fix
Not applicable.
Comments
APAR Information
APAR number
JR64252
Reported component name
CLOUD PAK FOR A
Reported component ID
5737I2300
Reported release
L00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-10-22
Closed date
2022-01-27
Last modified date
2022-01-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLOUD PAK FOR A
Fixed component ID
5737I2300
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"L00","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 March 2022