APAR status
Closed as program error.
Error description
Certificateificate management: Some services and adapters use system certificate ID, other use the system certificate name. This means that when the system certificate expires and a new one must be created, there is no simple way of updating all adapters to use the correct certificate.It should be standardized across all SI adapters that they use the system certificate name value. For example CDSA and HTTP Server/FTP Server adapter use the certificateificate Name. However, FTP and Http client adapter/Begin Session services use the certificateificate ID. Managing the certificates via HSM will not work as the object ID is still updated when the new certificate is imported into SI.
Local fix
STRRTC - 350322 LM / LM Circumvention: None
Problem summary
Users Affected: ALL Problem Description: Currently the only way to update the System Certificate is to delete and create a new system certificate with same name. But this creates a new object id instead of using the same. Ideally, the same object id should be updated with new certificate details. Problem Summary: Currently, to update the certificate - user have to delete the existing certificate and then create a new certificate with same certificate name. Instead update the existing certificate without deleting it by providing an upload option in case of key certificate and pkcs. In case of self signed certificate the individual fields will be editable.
Problem conclusion
With the fix, when user edits a system certificate, he/she has to choose among Self Signed, Key or PKCS 12 certificate. Providing an upload option in case of key certificate and pkcs. In case of self signed certificate the individual fields will be editable. > Update the system certificate from UI - (Exception: In self signed edit - "Set Certificate Signing Bit" field could not retain its older value as same is not saved in certificate or database, this value is only used to generate the certificate and is not known once the certificate is created. Hence, this value could not retain its older value. In Key cert and PKCS cert - password and file uploads are not retained as per the practice.) On click of edit link from certificate search result screen, Take the user to a new screen which asks to chose among three options: o Self Signed Certificate o Key Certificate o PKCS12 Certificate Once the user chooses one of the above, the wizard will take care of showing the respective screens to edit the fields (self signed) or upload the .txt file (key cert) or upload .pfx file (pkcs12). Once user clicks finish, the same objective id will be updated.
Temporary fix
Comments
APAR Information
APAR number
IC88761
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
520
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-11-30
Closed date
2012-12-10
Last modified date
2012-12-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
R524 PSY
UP
Rate this page:
Average rating
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.