A fix is available
APAR status
Closed as program error.
Error description
You renewed an SSL certificate and tried to bring the certificate in immediately. This caused the following error messages: DFHAM4889 Install of URIAMP failed because CERTIFICATE is invalid. DFHAM4928 Install of URIMAP failed because the specified certificate is not yet current. This problem is caused by a change made a few releases ago to ensure that ABSTIME values are always in local time. INQUIRE_TIME now always returns a local abstime value. However, the CONVERT_TIME routine that is called to convert the UTC time in the certificate to an ABSTIME value, just does a conversion of the format, producing a GMT ABSTIME instead of a local ABSTIME. CICS then compares the current time (local abstime) with the times specified on the certificate (GMT abstime) which is not valid. Additional Symptom(s) Search Keyword(s): KIXREVGJT
Local fix
Wait until local time has passed the GMT time specified on the certificate.
Problem summary
**************************************************************** * USERS AFFECTED: All. * **************************************************************** * PROBLEM DESCRIPTION: Error message DFHAM4889 issued followed * * by DFHAM4928. * **************************************************************** * RECOMMENDATION: * **************************************************************** In the reported problem, a resource that used an SSL Certificate whose Start Date was after the UTC valid from Start Date would not install. When a resource containing an SSL Certificate is installed then a DFHXSCT INQUIRE_CERTIFICATE call is made. This call will ( amongst other things ) check the Start From and End Date timestamps that are in the Certificate and are specified in UTC format against the time that is returned from DFHTIMF routine Convert_Utctime. This routine currently returns the time in local time and not UTC. . As a consequence, if the local time is behind UTC then it is possible the certificate will not install because it is deemed the Certificate is not yet valid. Conversely, if the local time is ahead of GMT then the Certificate could be deemed to be expired when it still has time left to run.
Problem conclusion
DFHXSCT has been amended to compare the Certificate Start Date and End Date timestamps with local time adjusted to UTC.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM84623
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-03-12
Closed date
2013-03-26
Last modified date
2015-03-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK93389
Modules/Macros
DFHTIMF DFHXSCT
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R800 PSY UK93389
UP13/04/20 P F304
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
04 March 2015