APAR status
Closed as Permanent restriction.
Error description
After install of TPC for Replication for Z/OS v 5.2.8 when changing the key_store_type from JKS to JCERACFKS getting SSL certificate errors associated to the Keyring in RACF. Error in Ring_name length or RACF_userid length ERROR ] CWPKI0804E: SSL certificate creation error. Unable to create SSL key file: /shared/tpcr/opt/Tivoli/RM/wlp/usr/servers/replicationServer/res ources/sec ERROR ] CWPKI0033E: The keystore located at /shared/tpcr/opt/Tivoli/RM/wlp/usr/servers/replicationServer/res ources/security/safkeyring:/WASKeyring.WASOEM1 di......... Error found in FFDC log file: Exception = java.io.IOException Source = com.ibm.ws.ssl.config.WSKeyStore$1 probeid = do_getKeyStore Stack Dump = java.io.IOException: Error in Ring_name length or RACF_userid length at com.ibm.crypto.provider.RACFInputStream.a(Unknown Source) at com.ibm.crypto.provider.RACFInputStream.<init>(Unknown Source) at com.ibm.crypto.provider.safkeyring.a.getInputStream(Unknown Source) at java.net.URL.openStream(URL.java:1054) at com.ibm.ws.ssl.config.WSKeyStore.openKeyStore(WSKeyStore.java:98 3) at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:691) at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:557) at java.security.AccessController.doPrivileged(AccessController.jav a:420) at com.ibm.ws.ssl.config.WSKeyStore.obtainKeyStore(WSKeyStore.java: 557) at com.ibm.ws.ssl.config.WSKeyStore.do_getKeyStore(WSKeyStore.java: 538) at com.ibm.ws.ssl.config.WSKeyStore.getKeyStore(WSKeyStore.java:743 ) at com.ibm.ws.ssl.config.WSKeyStore.initializeKeyStore(WSKeyStore.j ava:836) at com.ibm.ws.ssl.config.WSKeyStore.<init>(WSKeyStore.java:210) at com.ibm.ws.ssl.internal.KeystoreConfig.updateKeystoreConfig(Keys toreConfig.java:90) at com.ibm.ws.ssl.internal.KeystoreConfigurationFactory.updated(Key storeConfigurationFactory.java:86) at com.ibm.ws.config.admin.internal.ManagedServiceFactoryTracker$2. run(ManagedServiceFactoryTracker.java:274) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.ja va:483) at java.util.concurrent.FutureTask.run(FutureTask.java:274) at com.ibm.ws.config.admin.internal.UpdateQueue$Queue.run(UpdateQue ue.java:67) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec utor.java:1157) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe cutor.java:627) at java.lang.Thread.run(Thread.java:798) Caused by: java.io.IOException: Error in Ring_name length or RACF_userid length at com.ibm.crypto.provider.RACF.getRecords(Native Method) Keyring name is being incorrectly parced. key.store.location=safkeyring:///WASKeyring.WASOEM1 Escape characters are incorrectly removed and result is: location = "safkeyring:/WASKeyring.WASOEM1
Local fix
Use default key instead of custom keyring. . RECREATE STEPS: Change the key_store_type from JKS to JCERACFKS. Use a keyring in RACF instead of the default Key. ________________________________________________________________ DB2 Version used for Server: N/A The defect is against component: 5608TRMZ0 Server/Manager build/release (TPC): 5.2.8 ________________________________________________________________ Problem as described by customer: Unable to use custom Keyring in RACF.
Problem summary
**************************************************************** * USERS AFFECTED: * * Tivoli Storage Productivity Center for Replication 5.2.x * * users * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION. * **************************************************************** * RECOMMENDATION: * * Migrate to Copy Services Manager 6.1.1 or later. * ****************************************************************
Problem conclusion
No fix is available for Tivoli Storage Productivity Center 5.2.x. A fix is available in Copy Services Manager 6.1.1 and later.
Temporary fix
Comments
APAR Information
APAR number
IT14411
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
528
Status
CLOSED PRS
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-22
Closed date
2016-08-04
Last modified date
2018-09-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
IT16262
Modules/Macros
TPCR
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSNE44","label":"Tivoli Storage Productivity Center"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"528"}]
Document Information
Modified date:
24 June 2022