IC91902: VERIFY ACTION CANNOT FIND INSTALLED CERTIFICATE USING X509ISSUERSERIAL REFERENCE

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as fixed if next.

Error description

  • When verifying the signature of a request/response, the verify
    action fails with *Certificate Not Found* error, although
    the correct signing certificate is uploaded within the domain.
    
    This can occur if the signed incoming message uses an
    X509IssuerSerial reference to identify the certificate that
    signed the message.  For example:
    
    <X509IssuerSerial>
       <X509IssuerName>C=US,O=XYZ,CN=Tree-Sys</X509IssuerName>
    
       <X509SerialNumber>123456789123456789</X509SerialNumber>
    </X509IssuerSerial>
    

Local fix

  • In the Verify Action, set the "Optional Signer Certificate"
    parameter to the appropriate certificate object name.
    This forces the Verify Action to find the certificate
    immediately, instead of searching the domain using the
    IssuerSerial lookup method.
    

Problem summary

  • Fix will be available in a future major release.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IC91902

  • Reported component name

    DTPWR INTGRAPL

  • Reported component ID

    DP905XI52

  • Reported release

    401

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-04-26

  • Closed date

    2013-06-07

  • Last modified date

    2013-06-07

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • R600 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere DataPower Integration Appliance XI52

Software version:

4.0.1

Reference #:

IC91902

Modified date:

2013-06-07

Translate my page

Machine Translation

Content navigation