IBM Support

IV93420: NEW LOCALE OPTION, CERTIFICATE CHAIN ISSUE WITH JKS KEYSTORE, CA CERT DELETION ISSUE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: 1. New requirement for -locale <cc> option in
    iKeyman
    2. Certificate chain is not properly generated with JKS keystore
    3. Deleting a CA certificate does not remove it from keystore
    database" is displayed
    .
    Stack Trace: N/A
    .
    

Local fix

  • 1) Workaround for deleting a CA certificate
      To delete a CA certifcate, we will need to first delete all
    the personal certificate signed by CA.
    

Problem summary

  • 1. New requirement for -locale <cc> option in iKeyman:
       New requirement for -locale<cc> option to override the locale
    with the country code (cc) in ikeyman and ikeycmd.
    2. Certificate chain issue with JKS keystore
       Certificate chain configured in JKS keystore, the
    certificates are stored as single element (chain length =1), it
    fails to recognize the chain.
    3. CA certificate delete issue
       Deleting a CA certificate does not remove it from the
    keystore, when there is a personal certificate present signed by
    that CA certificate. As part of an internal defect fix ('b8506 -
    PFX import failure') in iKeyman version 8.0.412, iKeyman
    manually adds the missing signer certificates (CA). Thus, the CA
    certificate was deleted and added again.
    

Problem conclusion

  • 1. New requirement for -locale <cc> option in iKeyman:
       1) We can set the locale using the following options:
       Option1: ikeyman.exe/ikeycmd.exe -DDEFAULT_LOCALE=de
       Option2: ikeyman.exe/ikeycmd.exe -locale de
       2) If both the options are present -locale overrides -D
       ikeyman.exe/ikeycmd.exe -DDEFAULT_LOCALE=de -locale fr
       3) If the specified Locale is not found, iKeyman will set the
    default locale to English
    2. Certificate chain issue with JKS keystore
       The receive certificate command in ikeyman/ikeycmd will build
    the certificate chain for JKS keystore.
    3. CA certificate delete issue
       Only signer certificate with "" string alias is deleted,
    extracted from personal certificate and added to the keystore.
    This can fix the CA certficate delete issue in iKeyman.
    .
    This APAR will be fixed in the following Java Releases:
       8    SR4 FP5   (8.0.4.5)
       7    SR10 FP5  (7.0.10.5)
       7 R1 SR4 FP5   (7.1.4.5)
       6    SR16 FP45 (6.0.16.45)
       6 R1 SR8 FP45  (6.1.8.45)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, information about the available
    Service Refreshes and Fix Packs can be found at:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV93420

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    270

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-02-15

  • Closed date

    2017-02-17

  • Last modified date

    2017-02-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R270 PSY

       UP

  • R260 PSY

       UP

  • R600 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
07 December 2020