IBM Support

IC81532: (CM) UNABLE TO IMPORT CERTIFICATE-CAUSE COUNTRY CODE IS SET AS A UTF8 INSTEAD OF A PRINTABLE STRING

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Parsing error for CA certificates owned by the company TSYS
    prevents the use of those certificates, and prevents us from
    enabling their adapters with SSP 3.x.  NOTE: We ran into issues
    with these certificates in SSP 2.x due to the typing of
    Distinguished Name components as UTF8 and not PrintableString.
    

Local fix

  • Provide user fix in Patch 2 update - Files: SSP3400.Patch2.tar,
    SSP3400cm.Patch2.tar
    

Problem summary

  • Users Affected:
    SSP administrators who attempt to import a certificate with the
    wrong country code encoding into the CM
    
    Problem Description:
    Customer attempted to import a certificate using the SSP
    Configuration Manager GUI and got message, Unable to parse
    certificate.  Further research showed that the certificate was
    failing on the Country Code, because it had been generated with
    an ASN1 encoding of UTF8String instead of the required
    PrintableString.
    
    Platforms Affected:
    All
    

Problem conclusion

  • With the fix for IC81532 (RTC314325) applied the Customer may
    ignore the
    check for Illegal encoding on the Country Codes by adding the
       -DallowIllegalCountryNameEncodings=1
    parameter to the java startup line(s) in the startCM.sh and
    StartEngine.sh startup scripts on UNIX.  When running under
    Windows, add the parm to the lax.nl.java.option.additional= line
    in the .\bin\SSPcm$.lax file.
    
    Delivered In:
    3.2.0.15,3.3.1.17,3.4.0.2,3.4.1.2
    
    
    Delivered In:
    3.2.0.15,3.3.1.17,3.4.0.2,3.4.1.2
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC81532

  • Reported component name

    STR SECURE PROX

  • Reported component ID

    5725D0300

  • Reported release

    340

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2012-02-20

  • Closed date

    2012-08-03

  • Last modified date

    2012-08-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR SECURE PROX

  • Fixed component ID

    5725D0300

Applicable component levels

  • R320 PSY

       UP

  • R331 PSY

       UP

  • R340 PSY

       UP

  • R341 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6PNW","label":"IBM Sterling Secure Proxy"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.4","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
03 August 2012