APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A .
Local fix
Problem summary
1. Update iKeyman for IBMJCEPlus Update iKeyman to enable IBMJCEPlus and IBMJCEPlusFIPS providers. 2. PKCS12 keystore corrupted after using iKeyman PKCS12 Keystore created using iKeyman and listed via Gsk8capicmd shows duplicate entries
Problem conclusion
1. Update iKeyman for IBMJCEPlus i. Removing the hard-code reference to IBMJCE provider and modifying the code to use the new provider name. ii. Added a new setting DEFAULT_IBMJCE_PLUS_PROCESSING. If set to true, forces the the use of the IBMJCEPlus or IBMJCEPlusFIPS Provider. If set to false, uses whichever JCE Provider comes first in the java.security file. Note. IBMJCEPlus and IBMJCEPlusFIPS providers are not intended to be replacements for the IBMJCE or IBMJCEFIPS providers. For JKS/JCEKS, PKCS12 keystore generation and X.509 certificate and few other operations, iKeyman still uses IBMJCE provider. 2. PKCS12 keystore corrupted after using iKeyman The problem is Java PKCS12 adds the certificate chain associated with each key entry as a separate certificate entry. This caused duplicate entries in the keystore. A fix is in both iKeyman and GSK8capicmd (version 8.0.55.10). The fix in iKeyman, is to remove the fix for PMR 31496,001,80 for PKCS12 keystore that builds certificate chain for each key entry. The fix in GSK8capicmd is to consider only valid key entries. . This APAR will be fixed in the following Java Releases: 8 SR6 (8.0.6.0)
Temporary fix
Comments
APAR Information
APAR number
IJ18573
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-08-24
Closed date
2019-09-10
Last modified date
2019-09-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020