search cancel

The OneClick java jre certificate for CA Spectrum is set to expire on March 8, 2019

book

Article ID: 127181

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

The CA Spectrum OneClick java certificate is going to expire on Friday, March 8 2019.  What fixes are available to update the java certificate if a corporate policy does not allow applications to run with an expired certificate?

 

Environment

This applies to all supported CA Spectrum platform (Linux, Solaris and Windows)

Resolution

**The updated certificate has been included in 10.3.1 out of the box.

The CA Spectrum OneClick java certificate has been updated in the following patches:

10.2.0 - Spectrum_10.02.00.PTF_10.2.072
10.2.1 - Spectrum_10.02.01.PTF_10.2.1108
10.2.2 - Spectrum_10.02.02.PTF_10.2.242
10.2.3 - Spectrum_10.02.03.PTF_10.2.371
10.3.0 - Spectrum_10.03.00.PTF_10.3.016
10.3.1 - The certificate was updated in the release so no patch is needed at this time.

Please contact Spectrum support for copies of these patches/media.



The updated certificate will expire in April of 2022 (due to licensing restrictions).  You can either upgrade to 10.3.1 or install the patch for the version of Spectrum you are running. If you do not install one of these patches you can still use the OneClick client without any configuration changes.  Starting with CA Spectrum release 10.1, the tomcat jar files have been timestamped in accordance with the certificate. The certificate has expired, it has not been revoked so in a typical java deployment we do not expect any interruptions as the certificate is valid.  You will be able to launch the OneClick console without needing to install the patches.  The patch is only needed if your company has a policy that does not allow you to run java applications with an expired certificate.

In addition to this, the Device Certification packs need to be considered:

Device Certification Packs:

The certification packs have been rebuilt for those that have already installed the java certificate patch for 10.2.3 and 10.3.0.  If you are running a version between 10.1.0 and 10.2.2, or you are running 10.3.1, this does not apply to you.  Here is what you need to do dependent upon your situation if you are running 10.2.3 or 10.3.0.  
1.    You do not need to install the jre certificate patch and have not installed the Device Certification Pack but need to:
          a.    Only install the original device certification pack for the release you are on:

10.02.03.Cert_Pack_004
10.3.0.Cert_Pack_001*

*do not install this Device Certification pack on 10.3.1.



2.  You do not need to install the jre certificate patch and have already installed the Device Certification Pack:
          a.    Do not install any patches.  You do not need the updated jre or device certification patch.

3.    You do need to install the jre certificate patch and also need to install the Device Certification Pack:
          a.    Install the jre certificate patch, then install the updated Device Certification pack noted below.

4.    You do need to install the jre certificate patch and have already installed the original Device Certification Pack:
          a.    Install the jre certificate patch, then install the updated Device Certification pack noted below.

5.    You have already installed the jre certificate patch and had to remove jar files to allow the OneClick client to launch:
          a.    Install the updated Device Certification pack noted below.

The updated Device Certification pack based on the Spectrum versions are:

10.2.3 - Spectrum_10.02.03.Cert_Pack_005
10.3.0 - 10.3.0.Cert_Pack_002*

*do not install this Device Certification pack on 10.3.1.