APAR status
Closed as new function.
Error description
Abstract Description: Add Oracle's new signer certificate Stack Trace, if applicable: Other Error Information, as reported by customer:
Local fix
N/A
Problem summary
Add the new Oracle signer certificate ERROR MESSAGE: java.security.NoSuchProviderException: JCE cannot authenticate the provider nCipherKM</errorMessage> <stackTrace>Application error processing JCE cannot authenticate the provider nCipherKM|WebContainer : 4 java.security.NoSuchProviderException: JCE cannot authenticate the provider nCipherKM at javax.crypto.b.a(Unknown Source) at javax.crypto.KeyAgreement.getInstance(Unknown Source) ... Caused by: java.util.jar.JarException: file:/appserver/WebSphere/AppServer/java_1.7_64/jre/lib/ext/nCip herKM.jar is not signed by a trusted signer. at javax.crypto.a.a(Unknown Source) at javax.crypto.a.a(Unknown Source) at javax.crypto.a.a(Unknown Source) ERROR DESCRIPTION: Add the new Oracle signer certificate used to sign cryptographic provider. Owner: CN=JCE Code Signing CA,OU=Java Software Code Signing, O=Oracle Corporation Issuer: CN=JCE Code Signing CA,OU=Java Software Code Signing, O=Oracle Corporation Serial number: 3C:9E:B1:FC:89:F7:33:D3 Valid from: Jul 6 23:48:44 2016 GMT until Dec 31 00:00:00 2030 GMT
Problem conclusion
The new Oracle signer certificate has been added to the cryptographic provider verification list. The expired Oracle cryptographic signer certificate has been removed. The associated Hursley RTC Problem Report is 143956 The associated Austin GIT defect is IBMJCEFW#30 The associated Austin APAR is IJ25459 JVMs affected: Java 7.0, Java 7.1 and Java 8.0 The fix was delivered for Java 7 sr10 fp 75, Java 727 sr4 fp75 and Java 8 sr6 fp25 The affected jar is "ibmjcefw.jar". The build level of this jar for the affected releases is Java 7, 727 - build_200710-90; Java 8 build_200710-91
Temporary fix
Comments
APAR Information
APAR number
IJ25459
Reported component name
TIV JAVA CRYPTO
Reported component ID
TIVSECJCE
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-06-09
Closed date
2020-07-21
Last modified date
2021-09-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
999
Fix information
Fixed component name
TIV JAVA CRYPTO
Fixed component ID
TIVSECJCE
Applicable component levels
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSWKFH","label":"Tivoli Components - Java Security"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600"}]
Document Information
Modified date:
14 September 2021