Custom CORBA Certificate Incompatibility in Spectrum 25.4.1+


Article ID: 418861


Products

Network Observability Spectrum

Issue/Introduction

Please be advised that custom CORBA certificates generated on RHEL 7.x systems are incompatible with Spectrum 25.4.1 and later versions due to the Java 17 upgrade.

This occurs when upgrading from 24.3.x or earlier releases to 25.4.1 or later releases where Spectrum has Secure CORBA configured using HTTPS.

After the upgrade, users will encounter the following error when attempting to log in to OneClick. The error occurs even when authentication is successful.

"No SpectroServer available"

All systems using custom CORBA certificates (old format, pre-PKCS12) will be affected.

Systems using the default Spectrum CORBA certificates are not impacted. The issue is only seen on systems using CA-signed certificates.

Environment

All supported Network Observability DX NetOps Spectrum releases that use Secure CORBA configurations with CA-signed certificates.

Cause

The incompatibility arises from Java 17's removal of support for PBKDF1-encrypted private keys in DER format, which were commonly created by older OpenSSL versions. PBKDF1 has been deprecated in OpenSSL 3.0 and removed from the default provider.
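A pre-upgrade check for the key format described above, as an added example that is not part of the original article or of Spectrum: it reads the encryption scheme OID from a DER-encoded PKCS#8 EncryptedPrivateKeyInfo and reports whether it is a PKCS#5 PBES1 scheme (RFC 8018, key derived with PBKDF1) or PBES2 (PBKDF2). It assumes the custom CORBA private key is stored in that structure; the function names and category labels are hypothetical and `sample_key` builds constructed test input.

```python
PBES1_OIDS = {f"1.2.840.113549.1.5.{n}" for n in (1, 3, 4, 6, 10, 11)}  # PBKDF1-based
PBES2_OID = "1.2.840.113549.1.5.13"  # PBES2, which derives the key with PBKDF2

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if len(buf) < pos + 2:
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted-decimal form."""
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def classify_key(der):
    """Return (category, oid) for a DER-encoded private key blob."""
    tag, outer, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, alg, _ = read_tlv(outer)
    if tag != 0x30:  # unencrypted keys start with an INTEGER version instead
        return ("not-encrypted-pkcs8", None)
    tag, oid_body, _ = read_tlv(alg)
    if tag != 0x06 or not oid_body:
        raise ValueError("expected an algorithm OID")
    oid = decode_oid(oid_body)
    if oid in PBES1_OIDS:
        return ("pbes1-pbkdf1", oid)
    return ("pbes2-pbkdf2" if oid == PBES2_OID else "other", oid)

def sample_key(last_arc):
    """Constructed sample: minimal EncryptedPrivateKeyInfo, dummy ciphertext."""
    alg = bytes.fromhex("06092a864886f70d0105") + bytes([last_arc]) + b"\x30\x00"
    body = b"\x30" + bytes([len(alg)]) + alg + b"\x04\x04" + bytes(4)
    return b"\x30" + bytes([len(body)]) + body
```

A key reported as `pbes1-pbkdf1` falls in the category the Cause section describes and is a candidate for regeneration before the upgrade.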

Resolution

To resolve this on impacted systems, regenerate the custom CORBA certificates using the PKCS12 format.

This can be done before or after the upgrade to 25.4.1+ releases.

The steps to resolve this are found in the following articles. Select the one that fits your needs.

Enable Secure CORBA with Self-Signed Certificates

Enable Secure CORBA with CA signed certificates

Additional Information

The product documentation topic "Enable Secure CORBA with Self-Signed and CA-Signed Certificates" also references these articles.

Related Defect: DE178131: Spectrum secure CORBA custom certs in old format (before PKCS12) - upgraded to 25.4.2 fails to login to OC