IBM Support

IT09708: GETTING UNSUPPORTED PKCS8 FORMAT ON PRIVATE KEY AFTER UPGRADE TO SSP3420

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

Direct links to fixes

3.4.2.0-SterlingSecureProxy-AIX-if0004
3.4.2.0-SterlingSecureProxy-HP-IA-if0004
3.4.2.0-SterlingSecureProxy-Linux_s390-if0004
3.4.2.0-SterlingSecureProxy-Linux-if0004
3.4.2.0-SterlingSecureProxy-SolarisSPARC-if0004
3.4.2.0-SterlingSecureProxy-Windows-if0004
3.4.2.0-SterlingSecureProxy-AIX-if0005
3.4.2.0-SterlingSecureProxy-HP-IA-if0005
3.4.2.0-SterlingSecureProxy-Linux_s390-if0005
3.4.2.0-SterlingSecureProxy-Linux-if0005
3.4.2.0-SterlingSecureProxy-SolarisSPARC-if0005
3.4.2.0-SterlingSecureProxy-Windows-if0005

 

APAR status

  • Closed as program error.

Error description

  • Customer upgraded from SSP340 to SSP3420 and now they are
having problems with FTP/TLS connections because we are having
trouble with a certificate:
issue with these OID's:
1.2.840.113549.1.5.12 - id-PBKDF2 - Key Derivation Function
1.2.840.113549.1.5.13 - id-PBES2: PBES2 encryption scheme

Local fix

  • n/a

Problem summary

  • SSP3418 Customer had a keycert with a private key signed using
a SHA256 algorithm (generated by Certificate Wizard). When the
Customer upgraded to SSP3420, the SSL handshake failed with the
message
  Exception processing input certificate -
java.security.cert.CertificateException - Unsupported PKCS8
format.  oid1=[1.2.840.113549.1.5.13],
oid2=[1.2.840.113549.1.5.12]

Problem conclusion

  • If the keycert used in the above workaround contains multiple
CA's, this fix will allow the generated PKCS12 file to be
imported into the SSPCM.

Temporary fix

  • Fixed in RTC465113 in SSP3420 iFix 3 Plus.

Comments

  • 



APAR Information




    

  • APAR number
    IT09708
    • 

  • Reported component name
    STR SECURE PROX
    • 

  • Reported component ID
    5725D0300
    • 

  • Reported release
    342
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2015-06-25
    • 

  • Closed date
    2015-07-24
    • 

  • Last modified date
    2015-07-24
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    STR SECURE PROX
    • 

  • Fixed component ID
    5725D0300
    • 



Applicable component levels


    

  • R342  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6PNW","label":"IBM Sterling Secure Proxy"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"342","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            24 July 2015
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback