Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1900 Unable to deploy on IBM PureApplication appliance and Software due to expired security certificate 27 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: PureApplication System Publisher: IBM Operating System: Network Appliance Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Mitigation Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10881129 - --------------------------BEGIN INCLUDED TEXT-------------------- Unable to deploy on IBM PureApplication appliance and Software due to expired security certificate IT28802; CertPathValidatorException; CertificateExpiredException Document information More support for: PureApplication System Component: PureApplication appliance and PureApplication Software Software version: All Versions Operating system(s): Platform Independent Reference #: 0881129 Modified date: 25 May 2019 Flashes (Alerts) Abstract Unable to deploy, modify, or capture snapshots of PureApplication workloads due to expired security certificate used by PureApplication System Manager (PSM). Content When attempting to deploy, modify, capture snapshots of PureApplication workloads, the following error is seen on the PureApplication console: Metadata of script: <script name associated with pattern instance> cannot be loaded. The problem is caused because of the following exception, as seen in the kernel service logs: Caused by: java.security.cert.CertPathValidatorException: The certificate expired at Fri Apr 12 17:40:37 UTC 2019; internal cause is: java.security.cert.CertificateExpiredException. This problem is related to APAR IT28802. This APAR impacts the deployment of new workloads, modification of running workloads, and capturing snapshots of running workloads. In order to resolve this problem, a new security patch with a new security certificate needs to be installed on the PSM, and the associated services need to be restarted. Until the new security patch is applied, you will have limited management usage of your PureApplication but all existing workloads will continue to operate without any outage. Additionally, you will continue to have a limited management access to the PSM for all other management features and functions. If you are encountering this problem, please open a service request (PMR) with IBM PureApplication L2 Support via https://www-946.ibm.com/sr/help/index.html and express your interest in APAR IT28802. Issues post installation of APAR IT28802: After the APAR IT28802 test fix installation, if you notice either of these issues, then please open a service request (PMR), specify the text as "failure after applying IT28802" in the request and submit with IBM PureApplication L2 Support. 1. If you have a configured system backup, the system backup stops working. You can validate this issue by doing these steps: a. Click System Console > System > Backup and Restore. b. Select your backup configuration. c. Click View History. You would notice that history is not updated from the last scheduled backup. 2. The error, "Metadata of script: <script name associated with pattern instance> cannot be loaded", returns. There is a use case where the older version of the certificate is restored, such as PSM failovers, firmware upgrades, or repairs to the PSM. You can verify by opening any pattern under Patterns > Virtual System Patterns. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXOtvh2aOgq3Tt24GAQgsSRAAzteWbVeZAFWOwUSvSFIGgXKOH7BfsiFb ZG+yD29epkDrmJFmbbQDCf4iJbHwCp2P4Hb/iT69qQ5M478K0vrwmFyO+vZD0B77 cMxd57y75lqHPL7jmrMKtsE8c9cC9SLSpuddRyX+TcJyrtTGtRRVkSFFyLCi8fPI 825RWzcE8THkCTS4pCB6Kfc0519Y/Oa9mZiBdtyRj2Y/Jj7K9Fy03yRZndXjuJzb 74HocWP1dnDztHwxp+3Et63n6hMc3Yenu/SnnTWFjx2gNoclAXS2j0D3PW6Kat4u B+rUn3MXt2JWnBb+IMPoQp0QPGqQOOpWdmVRtz5fsA4RPi9H+CSb66Dp8wuQDlyo gzbl0NywX7rOJUwzW14HAcdfIv39qhGSaGM6Fzi+E5KgJcZ8UlffRpzAmyhKXh0Y 2BDfWCJ6abCnFX1dOj02ZLHR/D+B+OgzLCvp8C3riQQI6TcOAAIlcoh0SvpJReMq 0XoPno6gIQprTrHovhXQORa5cPRvQEf0sodrLOT6baQsQbAEQGUg0ZH9Y5jh3Jfr 1e96xU4R5Gh73i25VzbdgdWhhYCfC/GHAXpzdOE6AKQa17oT26J9oW4C2R7Fmkhg rs3Kcc79tifsoH919L5zkYltP+r4sxc2cqCXYN0/q9H8/TBTxjKUjAD00w4FNj9l jXvelmLWt8w= =/zV8 -----END PGP SIGNATURE-----