IBM Support

IV63804: PKCS11 CANNOT GET THE PRIVATE KEYS INSIDE A KEYSTORE

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: FBTCON269E The keystore does not contain any
    private keys. Try anotherkeystore or use the Key Service to
    import a private key.
    .
    Stack Trace: N/A
    .
    Using TFIM the public/private keypairs disappear and if they
    bounce the dmr and the private keys reappear.  Then an hour
    later, the keys will disappear again.
    

Local fix

  • Stop and restart the data manager.
    

Problem summary

  • The problem happens because signature verification
    initialization failed caused by public key which was not
    accepted by a second instance of the PKCS11 provider
    

Problem conclusion

  • A fix was made to IBMPKCS11Impl providerThe associated Hursley
    RTC Problem Report is 72623.The associated Austin CMVC defect is
    115823JVMs affected: Java 5.0, Java 6.0, Java 626, Java 7.0, and
    Java 727.The fix was delivered for Java 5.0 SR16FP8, Java 6.0
    SR16FP2, Java 626 SR8FP2, Java 7.0 SR7FP2, and Java
    727SR1FP2.The affected jar is "ibmpkcs11impl.jar".The build
    level of this jar for all affected releases is "20140815"
    .
    This APAR will be fixed in the following Java Releases:
       6    SR16 FP2  (6.0.16.2)
       6 R1 SR8 FP2   (6.1.8.2)
       5.0  SR16 FP8  (5.0.16.8)
       7    SR8       (7.0.8.0)
       7 R1 SR2       (7.1.2.0)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, Java maintenance is available
    from:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV63804

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-08-20

  • Closed date

    2014-09-08

  • Last modified date

    2014-09-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IV63805

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R600 PSY

       UP

  • R260 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Security

Software version: 6.0

Reference #: IV63804

Modified date: 08 September 2014