IC88693: IMPORTING CERTIFICATE TO HSM USING SSP MANAGECSRS.SH UTILITY PRODUCES AN ERROR AND CERTIFICATE IS NOT IMPORTED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • When importing certificate to HSM using SSP manageCSRs.sh
    utility an
    error is returned and certificate is not imported.
    SSP is enabled with HSM (using work around as mentioned earlier)
    Certigicate request was generated using manageCSRs.sh utility
    on HSM
    When trying to update certificate on HSM using the manageCSRs.sh
    utility to import certificate on HSM following error is
    received:
    IBM Sterling Secure Proxy V3.4.1.0
    Copyright (c) 2011 IBM
    Updating key-certificate...
    ***Fail to parse input stream
    We have tried using different format including PEM, DER (PEM),
    P7 but
    did not work and returned same message
    

Local fix

Problem summary

  • Unable to update CA Signed certificate using manageCSR utility
    Client is attempting to update a keycert on their HSM device
    using the manageCSR utility.  However, they get the message,
       Updating key-certificate...
       ***Fail to parse input stream
    The operation which decoded the certificate from Base64 into its
    binary form was producing garbage, causing the subsequent
    generateCertificates method to fail.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Changed the Base64 class to the Apache version which does a more
    reliable job of encoding and decoding certificates.
    
    Delivered In:
    3.4.1.7
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC88693

  • Reported component name

    STR SECURE PROX

  • Reported component ID

    5725D0300

  • Reported release

    341

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-28

  • Closed date

    2013-01-14

  • Last modified date

    2013-01-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR SECURE PROX

  • Fixed component ID

    5725D0300

Applicable component levels

  • R341 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

Sterling Secure Proxy

Software version:

341

Reference #:

IC88693

Modified date:

2013-01-14

Translate my page

Machine Translation

Content navigation