IBM Support

PH09913: IBM DEVELOPER FOR Z SYSTEMS (IDZ CLIENT) : CERTIFICATE CHAINING ERROR DURING DTCN CONNECTION TO CICS REGION

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • IBM Developer for z Systems - IDz Client - v14.1.2

Description :
Using IDz v 14.1.2 on Windows 7 and Debug Tool v14.1 on z/OS,
the following error is displayed in the CICS HTTP server
response:
com.ibm.jsse2.util.h: PKIX path
building failed: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath
[...]
internal cause is:
java.security.cert.CertPathValidatorException:
Certificate chaining error"

attempting to connect to the CICS region using the DTCN
connection .

When using the same workspace in IDz v14.0.0.5 iFix1, the
connection
to the same LPAR (same debug installation, same cics region),
is successful.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All users of the Debug Tool DTCN plug-in with SSL            *
* connections.                                                 *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* DTCN connections secured with SSL fail to connect with a     *
* certificate chaining error.                                  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The mechanism that was being used by the DTCN plugin to load the
certificates was deprecated and removed, causing the DTCN plugin
to no longer be able to load the keystore configured in the
preferences, and resulting in failed connections.

    



Problem conclusion


    

  • The DTCN plugin was updated to use the new method for loading
certificates and the keystore specified in the preferences.

This problem is fixed in the following products:
IBM Debug for z Systems
IBM Developer for z Systems
IBM Developer for z Systems Enterprise Edition

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH09913
    • 

  • Reported component name
    DEV FOR Z SYS
    • 

  • Reported component ID
    5724T0700
    • 

  • Reported release
    E10
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-03-19
    • 

  • Closed date
    2019-06-13
    • 

  • Last modified date
    2019-06-13
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DEV FOR Z SYS
    • 

  • Fixed component ID
    5724T0700
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSJK49","label":"IBM Developer for z Systems"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"E10","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            13 June 2019
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback