IBM Support

IC88693: IMPORTING CERTIFICATE TO HSM USING SSP MANAGECSRS.SH UTILITY PRODUCES AN ERROR AND CERTIFICATE IS NOT IMPORTED


APAR status

  • Closed as program error.

Error description

  • When importing a certificate to the HSM using the SSP manageCSRs.sh
    utility, an error is returned and the certificate is not imported.
    SSP is enabled with HSM (using the workaround mentioned earlier).
    The certificate request was generated on the HSM using the
    manageCSRs.sh utility.
    When trying to update the certificate on the HSM using the
    manageCSRs.sh utility, the following error is received:
       IBM Sterling Secure Proxy V3.4.1.0
       Copyright (c) 2011 IBM
       Updating key-certificate...
       ***Fail to parse input stream
    We have tried different formats, including PEM, DER (PEM), and P7,
    but none worked and all returned the same message.
    

Local fix

Problem summary

  • Unable to update a CA-signed certificate using the manageCSR utility.
    The client is attempting to update a keycert on their HSM device
    using the manageCSR utility. However, they get the message:
       Updating key-certificate...
       ***Fail to parse input stream
    The operation that decoded the certificate from Base64 into its
    binary form was producing garbage, causing the subsequent
    generateCertificates method to fail.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Changed the Base64 class to the Apache version which does a more
    reliable job of encoding and decoding certificates.
    
    Delivered In:
    3.4.1.7
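
To tell a malformed certificate file apart from the decoder defect described in the problem summary, the file can be checked independently before import. The following is an added example, not IBM's code or part of Sterling Secure Proxy: it strictly Base64-decodes a PEM block and confirms that the result is framed as a single DER SEQUENCE. All function names are hypothetical, and the sample input is constructed filler with DER framing, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Strictly Base64-decode the first CERTIFICATE block (ValueError if bad)."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    body = "".join(match.group(1).split())  # drop LF/CRLF and stray spaces
    try:  # validate=True rejects non-alphabet characters instead of skipping
        return base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("invalid Base64 in PEM body: %s" % exc)

def der_framing_ok(der):
    """True if der is exactly one SEQUENCE whose declared length fits."""
    if len(der) < 2 or der[0] != 0x30:  # 0x30 = constructed SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:  # short-form length
        header, length = 2, first
    else:  # long form: low 7 bits give the number of length octets
        count = first & 0x7F
        if count == 0 or count > 4 or len(der) < 2 + count:
            return False
        header = 2 + count
        length = int.from_bytes(der[2:header], "big")
    return header + length == len(der)

def check_pem(pem_text):
    """Return 'ok' or a 'reject: ...' reason for a PEM certificate file."""
    try:
        der = pem_to_der(pem_text)
    except ValueError as exc:
        return "reject: %s" % exc
    if not der_framing_ok(der):
        return "reject: decoded bytes are not one complete DER SEQUENCE"
    return "ok"

def make_sample_pem(newline="\n"):
    """Constructed sample: DER-framed filler bytes, NOT a real certificate."""
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *lines,
                         "-----END CERTIFICATE-----"]) + newline
```

A result of `ok` only means the Base64 and outer DER framing are intact; it does not validate the certificate contents or signature.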
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC88693

  • Reported component name

    STR SECURE PROX

  • Reported component ID

    5725D0300

  • Reported release

    341

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2012-11-28

  • Closed date

    2013-01-14

  • Last modified date

    2013-01-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR SECURE PROX

  • Fixed component ID

    5725D0300

Applicable component levels

  • R341 PSY

       UP


Document Information

Modified date:
14 January 2013