The cryptoj.jar file in early SDK versions is signed with an expired certificate.

Article ID: 212914

Products

SITEMINDER

Issue/Introduction

The cryptoj.jar file in SDK kits prior to version 12.8 is signed with an expired certificate.

A customer reports that WebSphere Application Server 9.0.5 prevents cryptoj.jar from loading because the certificate used to sign the JAR file has expired.

Looking at the cert info printed by jarsigner:

      >>> Signer
      X.509, CN="RSA, The Security Devision of EMC", OU=Java Software Code Signing, O=Sun Microsystems Inc
      [certificate expired on 2/3/17 1:50 PM]
      X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
      [certificate expired on 4/25/20 3:00 AM]
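
To check other JARs for the same condition, the signer block above can be parsed mechanically. The Python below is an added example, not part of the original article or the SiteMinder SDK: the function names are hypothetical, the sample text is constructed from the output quoted above, and `check_jar` assumes a JDK `jarsigner` on the PATH.

```python
import re
import subprocess

# Constructed sample: the signer block quoted in the article, laid out the way
# `jarsigner -verify -verbose -certs` prints it.
SAMPLE_OUTPUT = '''\
      >>> Signer
      X.509, CN="RSA, The Security Devision of EMC", OU=Java Software Code Signing, O=Sun Microsystems Inc
      [certificate expired on 2/3/17 1:50 PM]
      X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
      [certificate expired on 4/25/20 3:00 AM]
'''

_CERT = re.compile(r'^\s*X\.509,\s*(?P<subject>.+?)\s*$')
_STATUS = re.compile(r'^\s*\[(?P<status>certificate .+?)\]\s*$')
_EXPIRED = re.compile(r'^certificate expired on (?P<when>.+)$')


def signer_certs(jarsigner_output):
    """Pair each 'X.509, <subject>' line with the bracketed status line after it."""
    certs, subject = [], None
    for line in jarsigner_output.splitlines():
        cert = _CERT.match(line)
        status = _STATUS.match(line)
        if cert:
            subject = cert.group("subject")
        elif status and subject is not None:
            certs.append((subject, status.group("status")))
            subject = None  # a subject with no status line is dropped
    return certs


def expired_certs(jarsigner_output):
    """Return unique (subject, expiry text) pairs for certs reported as expired."""
    found = []
    for subject, status in signer_certs(jarsigner_output):
        hit = _EXPIRED.match(status)
        # -verbose repeats the signer block per JAR entry, so de-duplicate.
        if hit and (subject, hit.group("when")) not in found:
            found.append((subject, hit.group("when")))
    return found


def check_jar(path):
    """Run jarsigner on a JAR (assumes a JDK on PATH) and list expired signer certs."""
    result = subprocess.run(
        ["jarsigner", "-verify", "-verbose", "-certs", path],
        capture_output=True, text=True, check=False)
    return expired_certs(result.stdout)
```

Both certificates in the chain are reported, so a JAR is flagged even when only the issuing CA certificate has expired.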

Cause

The cryptoj.jar file in SDK kits prior to version 12.8 is signed with an expired certificate.
Cryptoj.jar is part of the RSA BSAFE cryptoj package, which is no longer supported by RSA. RSA dropped support 3 or 4 years ago, and SiteMinder had to switch to a new SDK with Bouncy Castle.
There is no workaround for this in older SDK versions.

Environment

SDK Release version : Any 12.51 to 12.7

Component : SITEMINDER -SDK

Resolution

The 12.8 SDK does not include cryptoj.jar.

After upgrading to CA SSO 12.8, any custom code that uses cryptoj.jar may no longer work. Such custom code needs to be rebuilt with the 12.8 SDK, in which the old cryptoj.jar is no longer referenced.

Additional Information

DE499139

https://knowledge.broadcom.com/external/article/115755/ca-sso-128-cryptojjar-thirdparty-library.html

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=209712

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/sdks/programming-in-java/agent-api-in-java.html