Fixes are available
APAR status
Closed as program error.
Error description
After upgrading the certificate to SHA-2, the customer is unable to open the PKCS12 file and gets SSLRuntimeException reason=2 (wrong format). The error happens when using the command line to list the CustomizedCAs. It works fine when using the Certificate Management GUI on Windows.
Local fix
Use the Certificate Management tool on Windows.
Problem summary
USERS AFFECTED: Customers trying to run the P12Keyring utility on keystores containing SHA-2 certificates.
PROBLEM DESCRIPTION: When the P12Keyring utility is used to list certificate details through the LIST command, it does not list the details of the certificates. Instead, Java object values for each certificate get displayed to the console.
RECOMMENDATION:
When the customer runs the P12Keyring utility to display the list of certificates of any CustomizedCAs.p12 keystore that contains SHA-2 certificates, it prints Java object values like "com.ibm.hod5sslight.SSLCert@494b494b" for each certificate. The details of the certificates, which are held in field name-value pairs, are not displayed. The expected output is a list of the fields that make up the details of each certificate. By contrast, when the P12Keyring utility is used on a .p12 file that contains SHA-1 certificates, the output is as expected: the details of each certificate are displayed with field names such as 'label', 'subject', 'issuer', 'serial', etc.
Problem conclusion
The reason for this is that the new SSL code contained in hasslite2.jar, which was enhanced to read SHA-2 certificates, functions differently from the corresponding older version. The new version requires a different set of SSLite APIs to be called for the same information to be displayed. This change has been added to the P12Keyring utility to allow the details of the certificate to be displayed when the LIST command is used with the utility.
Fix scheduled for Refresh Pack HOD 11.0.7
Temporary fix
Comments
APAR Information
APAR number
OA40923
Reported component name
HOD MVS
Reported component ID
5733A5900
Reported release
B00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-11-28
Closed date
2013-02-05
Last modified date
2013-02-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
P12KEYRI
Fix information
Fixed component name
HOD MVS
Fixed component ID
5733A5900
Applicable component levels
RB00 PSY
UP
Document Information
Modified date:
16 October 2021