-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT External Security Bulletin Redistribution
Unable to deploy on IBM PureApplication appliance and
Software due to expired security certificate
27 May 2019
AusCERT Security Bulletin Summary
Product: PureApplication System
Operating System: Network Appliance
Impact/Access: Reduced Security -- Unknown/Unspecified
- --------------------------BEGIN INCLUDED TEXT--------------------
Unable to deploy on IBM PureApplication appliance and Software due to expired
IT28802; CertPathValidatorException; CertificateExpiredException
More support for: PureApplication System
Component: PureApplication appliance and PureApplication Software
Software version: All Versions
Operating system(s): Platform Independent
Reference #: 0881129
Modified date: 25 May 2019
Unable to deploy, modify, or capture snapshots of PureApplication
workloads due to expired security certificate used by PureApplication
System Manager (PSM).
When attempting to deploy, modify, capture snapshots of PureApplication
workloads, the following error is seen on the PureApplication console:
Metadata of script: <script name associated with pattern instance> cannot
The problem is caused because of the following exception, as seen in the
kernel service logs:
Caused by: java.security.cert.CertPathValidatorException: The certificate
expired at Fri Apr 12 17:40:37 UTC 2019; internal cause is:
This problem is related to APAR IT28802. This APAR impacts the deployment
of new workloads, modification of running workloads, and capturing
snapshots of running workloads. In order to resolve this problem, a new
security patch with a new security certificate needs to be installed on
the PSM, and the associated services need to be restarted.
Until the new security patch is applied, you will have limited management
usage of your PureApplication but all existing workloads will continue to
operate without any outage. Additionally, you will continue to have a
limited management access to the PSM for all other management features and
If you are encountering this problem, please open a service request (PMR)
with IBM PureApplication L2 Support via
https://www-946.ibm.com/sr/help/index.html and express your interest in
Issues post installation of APAR IT28802:
After the APAR IT28802 test fix installation, if you notice either of
these issues, then please open a service request (PMR), specify the text
as "failure after applying IT28802" in the request and submit with IBM
PureApplication L2 Support.
1. If you have a configured system backup, the system backup stops
working. You can validate this issue by doing these steps:
a. Click System Console > System > Backup and Restore.
b. Select your backup configuration.
c. Click View History.
You would notice that history is not updated from the last
2. The error, "Metadata of script: <script name associated with pattern
instance> cannot be loaded", returns. There is a use case where the
older version of the certificate is restored, such as PSM failovers,
firmware upgrades, or repairs to the PSM.
You can verify by opening any pattern under Patterns > Virtual System
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to email@example.com
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----