------------------------------------------------------------------------------- Fix Number: FJSVfsep-WAD-17-1701-0.s15.x86_64 Product Names and Versions: Fujitsu Enterprise Postgres WebAdmin 17 Creation date: 19.03.2025 ------------------------------------------------------------------------------- [High Risk Activity] The Customer acknowledges and agrees that the Product is designed, developed and manufactured as contemplated for general use, including without limitation, general office use, personal use, household use, and ordinary industrial use, but is not designed, developed and manufactured as contemplated for use accompanying fatal risks or dangers that, unless extremely high safety is secured, could lead directly to death, personal injury, severe physical damage or other loss (hereinafter "High Safety Required Use"), including without limitation, nuclear reaction control in nuclear facility, aircraft flight control, air traffic control, mass transport control, medical life support system, missile launch control in weapon system. The Customer, shall not use the Product without securing the sufficient safety required for the High Safety Required Use. In addition, Fujitsu (or other affiliate's name) shall not be liable against the Customer and/or any third party for any claims or damages arising in connection with the High Safety Required Use of the Product. Product and company names mentioned in this manual are the trademarks or registered trademarks of their respective owners. Copyright 2024-2025 FUJITSU LIMITED ------------------------------------------------------------------------------- [Notes] - This is the readme for SUSE 15. - This patch can be applied only to the WebAdmin. - Apply the following patches at the same time. - FJSVfsep-WAD-17-1701-1.s15.x86_64.rpm - FJSVfsep-WAD-OPJ-17-1701-1.s15.x86_64.rpm - Back up the configuration file if secure communication is using in the current environment. Otherwise, this step can be skipped. webAdminInstallDir/tomcat/conf/server.xml - Please stop WebAdmin and the instance before applying or removing the patch. - Please set up WebAdmin after applying or removing the patch. - If backup was performed for the secure communication environment, please restore the previous configuration by updating the server.xml file. webAdminInstallDir/tomcat/conf/server.xml - Please start WebAdmin and the instance after applying or removing the patch. - If secure communication is selected during the setup phase, default certificate will be generated in the Tomcat installation directory. These certificates are for testing purposes only and must be replaced with proper CA-signed certificates. webAdminInstallDir/tomcat/keystore/ _______________________________________________________________ | Tomcat installation directory | | |-- bin | | |-- Building.txt | | |-- conf | | |-- CONTRIBUTING.md | | |-- keystore | | | |-- keystore.p12 -> For HTTPS | | | |-- clientbrowser.p12 -> For client authentication | | | |-- clientkeystore.p12 -> For client authentication | | | |-- truststore.p12 -> For client authentication | | | |-- clientkeystore.conf -> For client authentication | | |-- ... | |_______________________________________________________________| - Please perform the following steps to configure certificates. [Certificate configuration procedure] 1) Prepare CA-signed certificates 1) keystore.p12 (private and public keys included) - One server certificate for HTTPS - Used for data encryption 2) clientbrowser.p12 (private key included) - One client certificate for browser-server authentication. - It will be used to register in user's browser - The number of certificates generated corresponds to the number of client(browsers) accessing WebAdmin. 3) clientkeystore.p12 (private key included) - One client certificate for server-to-server authentication, which will be used by WebAdmin internally. 4) truststore.p12 (clientbrowser.p12 and clientkeystore.p12) - Imported public keys of all client certificates 2) Place certificates in keystore directory [Single-server configuration] 1) Place keystore.p12, truststore.p12 and clientkeystore.p12 files in the "keystore" directory 2) Import clientbrowser.p12 into your browser. If you use multiple clients (browsers), import the certificate into each browser. [How to import a .p12 certificate into Microsoft Edge] 1) [Settings] - [Privacy, search, and services] 2) [Security] - [Manage Certificates] 3) [Personal] 4) [Import] => Start the wizard 5) Select the certificate you want to import (.p12 will not be displayed unless you select the file format) 6) Enter the private key password (It should have been specified when creating the .p12 certificate) For the default test certificate clientbrowser.p12, enter the "password". 7) Restart Edge Import procedure may vary depending on the browser. [Multi-server configuration] 1) Place keystore.p12, truststore.p12 and clientkeystore.p12 files in the "keystore" directory 2) Import clientbrowser.p12 into your browser. If you use multiple clients (browsers), import the certificate into each browser. 3) Import the public key corresponding to the private key in clientkeystore.p12(local) into truststore.p12(remote) on the other server you want to connect to. 3) Update certificate information in server.xml and clientkeystore.conf files 1) Populate server.xml with the information from keystore.p12 and truststore.p12. The server.xml file is located under webAdminInstallDir/tomcat/conf. - In case of HTTPS, - Set the "keystorePass" and "keyAlias" attributes to the password and alias for keystore.p12. - In case of HTTPS with client authentication, - Set the "keystorePass" and "keyAlias" attributes to the password and alias for keystore.p12. - Set the truststorePass attribute to the password for truststore.p12. 2) Populate clientkeystore.conf with the information from clientkeystore.p12. The clientkeystore.conf file is generated by WebAdmin and its filename cannot be modified. - In case of HTTPS with client authentication, - Set the password for the private key imported into clientkeystore.p12 and the password and alias for clientkeystore.p12. 4) Restart WebAdmin. - After configuring certificates, please access the WebAdmin GUI using the following URL. https://: ------------------------------------------------------------------------------- [Patch Description] The following fixes are included in this patch: Fix Number: FJSVfsep-WAD-17-1701-0.s15.x86_64 01 PH24392 [*]Security failure [ ]Serious failure ([ ]Degradation) [*]Incompatibility does not exist / [ ]Incompatibility exists - Frequency ([*]Always / [ ]Rarely / [ ]Irregularly) - Description This fix applies Apache Tomcat changes to the product - Requirements to reproduce this issue This fix applies Apache Tomcat 9.0.98 changes to the product. Please also refer the changelog for the Apache Tomcat to check the details. https://tomcat.apache.org/tomcat-9.0-doc/changelog.html - Action Apply Apache Tomcat changes to the product. - Compatibility Information None. ------------------------------------------------------------------------------- [List of fixed files] Files replaced by the patch: $INS_DIR/cmd/checkdisk $INS_DIR/cmd/checkpgpid $INS_DIR/cmd/fsep_certify $INS_DIR/cmd/fsep_check $INS_DIR/cmd/fsep_cmd $INS_DIR/cmd/fsep_fchk $INS_DIR/cmd/fsep_services $INS_DIR/cmd/getdiskinf $INS_DIR/cmd/pspa_cirtify $INS_DIR/cmd/pspa_cmd $INS_DIR/cmd/pspa_fr $INS_DIR/cmd/pspa_fw $INS_DIR/cmd/pspa_pgctl $INS_DIR/cmd/tunekernel $INS_DIR/etc/template/ROOT/css/style.css $INS_DIR/etc/template/ROOT/images/favicon.ico $INS_DIR/etc/template/ROOT/images/logo.svg $INS_DIR/etc/template/ROOT/images/product-name.svg $INS_DIR/etc/template/ROOT/images/sprite.svg $INS_DIR/etc/template/ROOT/index.jsp $INS_DIR/etc/template/ROOT/js/script.js $INS_DIR/etc/template/server.xml.default $INS_DIR/lib/postgresql-jdbc42.jar $INS_DIR/sbin/WebAdminSetup $INS_DIR/tomcat/BUILDING.txt $INS_DIR/tomcat/CONTRIBUTING.md $INS_DIR/tomcat/LICENSE $INS_DIR/tomcat/NOTICE $INS_DIR/tomcat/README.md $INS_DIR/tomcat/RELEASE-NOTES $INS_DIR/tomcat/RUNNING.txt $INS_DIR/tomcat/bin/bootstrap.jar $INS_DIR/tomcat/bin/catalina-tasks.xml $INS_DIR/tomcat/bin/catalina.bat $INS_DIR/tomcat/bin/catalina.sh $INS_DIR/tomcat/bin/ciphers.bat $INS_DIR/tomcat/bin/ciphers.sh $INS_DIR/tomcat/bin/commons-daemon-native.tar.gz $INS_DIR/tomcat/bin/commons-daemon.jar $INS_DIR/tomcat/bin/configtest.bat $INS_DIR/tomcat/bin/configtest.sh $INS_DIR/tomcat/bin/daemon.sh $INS_DIR/tomcat/bin/digest.bat $INS_DIR/tomcat/bin/digest.sh $INS_DIR/tomcat/bin/makebase.bat $INS_DIR/tomcat/bin/makebase.sh $INS_DIR/tomcat/bin/setclasspath.bat $INS_DIR/tomcat/bin/setclasspath.sh $INS_DIR/tomcat/bin/shutdown.bat $INS_DIR/tomcat/bin/shutdown.sh $INS_DIR/tomcat/bin/startup.bat $INS_DIR/tomcat/bin/startup.sh $INS_DIR/tomcat/bin/tomcat-juli.jar $INS_DIR/tomcat/bin/tomcat-native.tar.gz $INS_DIR/tomcat/bin/tool-wrapper.bat $INS_DIR/tomcat/bin/tool-wrapper.sh $INS_DIR/tomcat/bin/version.bat $INS_DIR/tomcat/bin/version.sh $INS_DIR/tomcat/conf/catalina.policy $INS_DIR/tomcat/conf/catalina.properties $INS_DIR/tomcat/conf/context.xml $INS_DIR/tomcat/conf/jaspic-providers.xml $INS_DIR/tomcat/conf/jaspic-providers.xsd $INS_DIR/tomcat/conf/logging.properties $INS_DIR/tomcat/conf/server.xml $INS_DIR/tomcat/conf/tomcat-users.xml $INS_DIR/tomcat/conf/tomcat-users.xsd $INS_DIR/tomcat/conf/web.xml $INS_DIR/tomcat/lib/annotations-api.jar $INS_DIR/tomcat/lib/catalina-ant.jar $INS_DIR/tomcat/lib/catalina-ha.jar $INS_DIR/tomcat/lib/catalina-ssi.jar $INS_DIR/tomcat/lib/catalina-storeconfig.jar $INS_DIR/tomcat/lib/catalina-tribes.jar $INS_DIR/tomcat/lib/catalina.jar $INS_DIR/tomcat/lib/ecj-4.20.jar $INS_DIR/tomcat/lib/el-api.jar $INS_DIR/tomcat/lib/fepwa-security-0.0.1-SNAPSHOT.jar $INS_DIR/tomcat/lib/jasper-el.jar $INS_DIR/tomcat/lib/jasper.jar $INS_DIR/tomcat/lib/jaspic-api.jar $INS_DIR/tomcat/lib/jsp-api.jar $INS_DIR/tomcat/lib/servlet-api.jar $INS_DIR/tomcat/lib/tomcat-api.jar $INS_DIR/tomcat/lib/tomcat-coyote-ffm.jar $INS_DIR/tomcat/lib/tomcat-coyote.jar $INS_DIR/tomcat/lib/tomcat-dbcp.jar $INS_DIR/tomcat/lib/tomcat-i18n-cs.jar $INS_DIR/tomcat/lib/tomcat-i18n-de.jar $INS_DIR/tomcat/lib/tomcat-i18n-es.jar $INS_DIR/tomcat/lib/tomcat-i18n-fr.jar $INS_DIR/tomcat/lib/tomcat-i18n-ja.jar $INS_DIR/tomcat/lib/tomcat-i18n-ko.jar $INS_DIR/tomcat/lib/tomcat-i18n-pt-BR.jar $INS_DIR/tomcat/lib/tomcat-i18n-ru.jar $INS_DIR/tomcat/lib/tomcat-i18n-zh-CN.jar $INS_DIR/tomcat/lib/tomcat-jdbc.jar $INS_DIR/tomcat/lib/tomcat-jni.jar $INS_DIR/tomcat/lib/tomcat-util-scan.jar $INS_DIR/tomcat/lib/tomcat-util.jar $INS_DIR/tomcat/lib/tomcat-websocket.jar $INS_DIR/tomcat/lib/websocket-api.jar $INS_DIR/tomcat/temp/safeToDelete.tmp $INS_DIR/tomcat/webapps/ROOT/css/style.css $INS_DIR/tomcat/webapps/ROOT/images/favicon.ico $INS_DIR/tomcat/webapps/ROOT/images/logo.svg $INS_DIR/tomcat/webapps/ROOT/images/product-name.svg $INS_DIR/tomcat/webapps/ROOT/images/sprite.svg $INS_DIR/tomcat/webapps/ROOT/index.jsp $INS_DIR/tomcat/webapps/ROOT/js/script.js $INS_DIR/tomcat/webapps/fepwa-webagent.war $INS_DIR/tomcat/webapps/fepwa-webcontroller.war $INS_DIR/tools/instanceSetup.sh $INS_DIR/tools/makeconf.sh -------------------------------------------------------------------------------