IV63804: PKCS11 CANNOT GET THE PRIVATE KEYS INSIDE A KEYSTORE

APAR status

• Closed as program error.

Error description

• Error Message: FBTCON269E The keystore does not contain any
  private keys. Try anotherkeystore or use the Key Service to
  import a private key.
  .
  Stack Trace: N/A
  .
  Using TFIM the public/private keypairs disappear and if they
  bounce the dmr and the private keys reappear.  Then an hour
  later, the keys will disappear again.
  

Local fix

• Stop and restart the data manager.
  

Problem summary

• The problem happens because signature verification
  initialization failed caused by public key which was not
  accepted by a second instance of the PKCS11 provider
  

Problem conclusion

• A fix was made to IBMPKCS11Impl providerThe associated Hursley
  RTC Problem Report is 72623.The associated Austin CMVC defect is
  115823JVMs affected: Java 5.0, Java 6.0, Java 626, Java 7.0, and
  Java 727.The fix was delivered for Java 5.0 SR16FP8, Java 6.0
  SR16FP2, Java 626 SR8FP2, Java 7.0 SR7FP2, and Java
  727SR1FP2.The affected jar is "ibmpkcs11impl.jar".The build
  level of this jar for all affected releases is "20140815"
  .
  This APAR will be fixed in the following Java Releases:
     6    SR16 FP2  (6.0.16.2)
     6 R1 SR8 FP2   (6.1.8.2)
     5.0  SR16 FP8  (5.0.16.8)
     7    SR8       (7.0.8.0)
     7 R1 SR2       (7.1.2.0)
  .
  Contact your IBM Product's Service Team for these Service
  Refreshes and Fix Packs.
  For those running stand-alone, Java maintenance is available
  from:
             https://www.ibm.com/developerworks/java/jdk/
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  IV63805

Fix information

• Fixed component name

  SECURITY

• Fixed component ID

  620700125

Applicable component levels

• R600 PSY

     UP

• R260 PSY

     UP