| « Don't forget that Sametime certificates expiring too!! | The 8.5 designer.... » |
Security Certificate expiration in Lotus Domino on May 18th 2009
A day late, but from the official IBM email:
This note contains links (URLs) to technical support documents (technotes) related to an issue affecting IBM Lotus Domino customers. You are receiving this notification because you are a customer who has called us for technical support in the past. If you do not wish to receive notifications like this one on other topics in the future, please reply to this email and change the Subject field to: unsubscribe e-mail address, e.g. unsubscribe user@company.domain. This is a special mailing separate from regular Frequently Asked Questions (FAQ) mailings to urgently provide information about this expiration situation.
What is happening
The certificate for some Java applets in Lotus Domino 6.5.x, Domino 7.0.x, Domino 8.0.x, and Domino 8.5 have an expiration date of May 18, 2009. Starting May 19th, Web users will see a dialog with a message similar to one of the following when loading a Web page that contains a Java applet from the Domino server:
"The digital signature was generated with a trusted certificate but has expired or is not yet valid."
"The security certificate has expired or is not yet valid."
This issue can occur even if IBM is set up as a trusted publisher in the browser.
What does this mean
Please be assured that this message does not mean security has been compromised. It simply reflects the expiration of the signature originally provided in the security certificate used with certain Domino applets. You can find an explanation in the following technote:
Title: "Security certificate expiration messages generated from Domino applets (May 18, 2009)"
URL: http://www.ibm.com/support/docview.wss?rs=899&uid=swg21381298
Action needed to resolve
To resolve the situation, you have three options: (1) Instruct users to "Always Trust" content from IBM, (2) if using Domino 7.x, upgrade to Domino 7.0.4, or (3) download and apply fixes. IBM recommends that you replace the affected Jar files (option 3) as described in the following download document for any supported release of Domino:
Title: "Download re-signed Java applets for Lotus Domino (May 18, 2009)"
URL: http://www.ibm.com/support/docview.wss?rs=899&uid=swg24022981
Alternatively, an interim fix will be posted to Fix Central for the latest Modification and Fix Pack levels by May 8th. These include Domino 6.5.6 FP3, 7.0.3 FP1, 7.0.4, 8.0.2 FP1, and 8.5.0. If you're not running one of these releases, access the download document above, which provides fixes for all supported release levels.
General Self-Help Resources Here are links to other ways that you can access IBM Lotus Notes & Domino self-help support information on the Web:
1. My Support (http://www.ibm.com/software/support/einfo.html)
2. Lotus Support is just a click away (http://www.ibm.com/software/lotus/support/clickaway/); learn more about Lotus Software Self-Assist Options.
3. IBM Software Support Site design update (http://www.ibm.com/software/support/gcnews.html)
4. New Lotus Notes Domino Wiki (http://www.lotus.com/ldd/dominowiki.nsf)
5. Fix Central (http://www.ibm.com/support/fixcentral/)
Sincerely,
The IBM Lotus Notes & Domino Team
This note contains links (URLs) to technical support documents (technotes) related to an issue affecting IBM Lotus Domino customers. You are receiving this notification because you are a customer who has called us for technical support in the past. If you do not wish to receive notifications like this one on other topics in the future, please reply to this email and change the Subject field to: unsubscribe e-mail address, e.g. unsubscribe user@company.domain. This is a special mailing separate from regular Frequently Asked Questions (FAQ) mailings to urgently provide information about this expiration situation.
What is happening
The certificate for some Java applets in Lotus Domino 6.5.x, Domino 7.0.x, Domino 8.0.x, and Domino 8.5 have an expiration date of May 18, 2009. Starting May 19th, Web users will see a dialog with a message similar to one of the following when loading a Web page that contains a Java applet from the Domino server:
"The digital signature was generated with a trusted certificate but has expired or is not yet valid."
"The security certificate has expired or is not yet valid."
This issue can occur even if IBM is set up as a trusted publisher in the browser.
What does this mean
Please be assured that this message does not mean security has been compromised. It simply reflects the expiration of the signature originally provided in the security certificate used with certain Domino applets. You can find an explanation in the following technote:
Title: "Security certificate expiration messages generated from Domino applets (May 18, 2009)"
URL: http://www.ibm.com/support/docview.wss?rs=899&uid=swg21381298
Action needed to resolve
To resolve the situation, you have three options: (1) Instruct users to "Always Trust" content from IBM, (2) if using Domino 7.x, upgrade to Domino 7.0.4, or (3) download and apply fixes. IBM recommends that you replace the affected Jar files (option 3) as described in the following download document for any supported release of Domino:
Title: "Download re-signed Java applets for Lotus Domino (May 18, 2009)"
URL: http://www.ibm.com/support/docview.wss?rs=899&uid=swg24022981
Alternatively, an interim fix will be posted to Fix Central for the latest Modification and Fix Pack levels by May 8th. These include Domino 6.5.6 FP3, 7.0.3 FP1, 7.0.4, 8.0.2 FP1, and 8.5.0. If you're not running one of these releases, access the download document above, which provides fixes for all supported release levels.
General Self-Help Resources Here are links to other ways that you can access IBM Lotus Notes & Domino self-help support information on the Web:
1. My Support (http://www.ibm.com/software/support/einfo.html)
2. Lotus Support is just a click away (http://www.ibm.com/software/lotus/support/clickaway/); learn more about Lotus Software Self-Assist Options.
3. IBM Software Support Site design update (http://www.ibm.com/software/support/gcnews.html)
4. New Lotus Notes Domino Wiki (http://www.lotus.com/ldd/dominowiki.nsf)
5. Fix Central (http://www.ibm.com/support/fixcentral/)
Sincerely,
The IBM Lotus Notes & Domino Team
No feedback yet
Comment feed for this postLeave a comment
Yet another Domino/Websphere Admin blog.
About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic
About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic
