IV20285: ERROR WHILE IMPORTING A CERTIFICATE TO A KEYSTORE WITH A HYBRID IBM JVM ON SOLARIS/HP-UX, JAVA.LANG.CLASSCASTEXCEPTION MESSAGE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • Description:
    
    When
    com.ibm.security.keystoreutil.KeyStoreUtil.importCertificate(s)
    is used to import certificate to a keystore with a hybrid IBM
    JVM on Solaris/HP-UX, java.lang.ClassCastException will be
    thrown with the message "sun.security.x509.X500Name cannot be
    cast to com.ibm.security.x509.X500Name". This is because the Sun
    provider will be chosen to generate the x509 certificate instead
    of IBMJCE. The X500Name obtained from the certificate will be
    sun.security.x509.X500Name, which make it fail to cast to
    com.ibm.security.x509.X500Name.
    
    Affected class:
    com.ibm.security.keystoreutil.KeyStoreUtil in ibmkeycert.jar
    
    Affected JVM:
    5.0, 6.0, 6.26, 7.0
    

Local fix

  • N/A
    

Problem summary

  • Error "sun.security.x509.X500Name cannot be cast to
    com.ibm.security.x509.X500Name" while importing a certificate
    with "KeyStoreUtil.importCertificate"
    
    When
    com.ibm.security.keystoreutil.KeyStoreUtil.importCertificate(s)
    is used to import certificate to a keystore with a hybrid IBM
    JVM on Solaris/HP-UX, java.lang.ClassCastException will be
    thrown with the message "sun.security.x509.X500Name cannot be
    cast to com.ibm.security.x509.X500Name". This is because the Sun
    provider will be chosen to generate the x509 certificate instead
    of IBMJCE. The X500Name obtained from the certificate will be
    sun.security.x509.X500Name, which make it fail to cast to
    com.ibm.security.x509.X500Name.
    

Problem conclusion

  • Hardcode KeyStoreUtil.importCertificate to always use the IBMJCE
    provider.
    Availability:
    ibmkeycert.jar dated 20120430
    142sr13 FP13, 50sr14, 60sr11, 6.26sr3 and 7.0sr3
    Hursley Defect 191179
    Austin Defect 112792
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV20285

  • Reported component name

    TIVOLI JAVA PKC

  • Reported component ID

    TIVSECPKC

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-04-27

  • Closed date

    2012-04-30

  • Last modified date

    2012-09-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIVOLI JAVA PKC

  • Fixed component ID

    TIVSECPKC

Applicable component levels

  • R100 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Tivoli Components - Java Security
PKCS

Software version:

100

Reference #:

IV20285

Modified date:

2012-09-05

Translate my page

Machine Translation

Content navigation