Skip to main content

IC88693: IMPORTING CERTIFICATE TO HSM USING SSP MANAGECSRS.SH UTILITY PRODUCES AN ERROR AND CERTIFICATE IS NOT IMPORTED


Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When importing certificate to HSM using SSP manageCSRs.sh
utility an
error is returned and certificate is not imported.
SSP is enabled with HSM (using work around as mentioned earlier)
Certigicate request was generated using manageCSRs.sh utility
on HSM
When trying to update certificate on HSM using the manageCSRs.sh
utility to import certificate on HSM following error is
received:
IBM Sterling Secure Proxy V3.4.1.0
Copyright (c) 2011 IBM
Updating key-certificate...
***Fail to parse input stream
We have tried using different format including PEM, DER (PEM),
P7 but
did not work and returned same message

Local fix

  •  
    • 
  
 
  
Problem summary
 
  
     
   
  • Unable to update CA Signed certificate using manageCSR utility
Client is attempting to update a keycert on their HSM device
using the manageCSR utility.  However, they get the message,
   Updating key-certificate...
   ***Fail to parse input stream
The operation which decoded the certificate from Base64 into its
binary form was producing garbage, causing the subsequent
generateCertificates method to fail.

Platforms Affected:
All

     
    • 
  
 
  
Problem conclusion
 
  
     
   
  • Changed the Base64 class to the Apache version which does a more
reliable job of encoding and decoding certificates.

Delivered In:
3.4.1.7

     
    • 
  
 
  
Temporary fix
 
  
     
   
  •  
    • 
  
 
  
Comments
 
  
     
   
  •  
    • 
  
 
  
APAR Information
 
  
 
   
     
    
  • APAR number
    IC88693
    •  
    
  • Reported component name
    STR SECURE PROX
    •  
    
  • Reported component ID
    5725D0300
    •  
    
  • Reported release
    341
    •  
    
  • Status
    CLOSED PER
    •  
    
  • PE
    NoPE
    •  
    
  • HIPER
    NoHIPER
    •  
    
  • Special Attention
    NoSpecatt
    •  
    
  • Submitted date
    2012-11-28
    •  
    
  • Closed date
    2013-01-14
    •  
    
  • Last modified date
    2013-01-14
    •  
   
 
  
 
  
     
   
  • APAR is sysrouted FROM one or more of the following:
     
    •  
   
  • APAR is sysrouted TO one or more of the following:
     
    •  
  
 
  
Fix information
 
  
     
   
  • Fixed component name
    STR SECURE PROX
    •  
   
  • Fixed component ID
    5725D0300
    •  
  
 
  
Applicable component levels
 
  
     
   
  • R341 PSY
       UP
    •  
  
 
 
 

 









Rate this page:



(0 users)Average rating 





















	
	
	
	
	









	



























Copyright and trademark information



	
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide.  Other product and service names might be trademarks of IBM or other companies.  A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.































Rate this page:






(0 users)Average rating









Add comments














Document information





	
Sterling Secure Proxy


	




	
Software version:

	341

	





	
Reference #:

IC88693






Modified date:

2013-01-14








Translate my page














































 



Content navigation