Sybase DC38029-01-0500-01 dimensions SSL certificates after upgrading, HTTP 1.1 support

5.3 SSL certificates after upgrading

(CR #341222) When you upgrade from an earlier version of EAServer, the installer upgrades the sample test certificates and installs new versions of the Verisign CA certificates. The upgrade may leave obsolete copies of the Sample1 Test ID and Sample2 Test ID certificates. You can delete these manually using EAServer Manager or Security Manager. Delete the older version of each certificate.

5.4 HTTP 1.1 support

(CR #343480) EAServer generates HTTP 405 “method not allowed” errors when an HTTP request contains an absolute URI in the request-URI header.

5.5 Web services toolkit issues

The following are known issues in the EAServer 5.0 Web services toolkit.

5.5.1 Expired VeriSign root certificate

(CR #345070) The VeriSign root certificate has expired in the JDK 1.3 and 1.4 installations used by EAServer. As a result, publishing to the Microsoft UDDI Registry throws a certificate expired exception. For more information on how this problem may affect your applications, see

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57436. To workaround

this issue:

1Shut down EAServer.

2Download the most recent Verisign PCA root certificates from the VeriSign

Web site at http://www.verisign.com/support/roots.html

3Unzip the files to a temporary location, for example, /tmp.

4Change to the bin directory in the JDK 1.4 installation used by EAServer. Import the new certificates with the keytool command. For example (all on one line):

keytool -import -v -keystore $JAGUAR_JDK14/jre/lib/security/cacerts - alias verisignclass3ca2028 -file "/tmp/VeriSign - Thawte Combined Roots/VeriSign_Roots/PCA3ss_v4.509"

When prompted, enter the JDK key store password. The default is changeit. When prompted, accept the new certificate.