IBM Support

IT16811: NEW CA SIGNED PKCS12 CERT CHECKED INTO SYSTEM REPOSITORY SHOWS ROOT CERTIFICATE INFO INSTEAD OF CA SIGNED CERTIFICATE INFO

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

Direct links to fixes

iSeries_Media_5020602_2.zip
iSeries_Media_5020602_2.zip
Media_IM_5020602_2
Media_IM_5020602_2

 

APAR status

  • Closed as program error.

Error description

  • When a new CA signed PKCS12 certificate (.pfx) is checked into
the System Repository, the display of the certificate
incorrectly shows the root certificate information instead of
the CA digitally signed certificate information. The thumbprint
is correct for the digitally signed public certificate, but the
valid dates, issuer, and subject are incorrect because it
displays the root certificate information.
This issue occurs only on Sterling Integrator version 5.2.6.2
for Chain Certificates, where Private Key and corresponding
Certificates are packaged into a .pfx file, which is generated
using IBM's iKeyMan Tool. When the same certificate is checked
into any version of Sterling Integrator prior to 5.2.6.2; i.e.
5.2.4.2, 5.2.5, or 5.2.6.1, the certificate information is
displayed correctly.

Local fix

  • STRRTC - 511166
LB / LB
Circumvention: None

Problem summary

  • Users Affected:
ALL

Problem Description:
When new CA signed PKCS12 CERT (.PFX) is checked into the system
repository, the certificate shows the root certificate
information instead of the CA signed certificate information.

Platforms Affected:
ALL

Problem conclusion

  • Resolution Summary:
A code fix is provided.
Post this code fix, when Certificates in .pfx format generated
using IBM's iKeyMan Tool and processed through an intermediate
software are imported into the System Repository of Sterling
Integrator, the Certificate Summary page shows the correct
leaf-certificate information. However, checking in of .pfx files
 generated using the iKeyMan Tool directly into the System
Repository of Sterling Integrator is not recommended.

Delivered In:
5020602_2
5020603

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT16811
    • 

  • Reported component name
    STR B2B INTEGRA
    • 

  • Reported component ID
    5725D0600
    • 

  • Reported release
    526
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2016-08-29
    • 

  • Closed date
    2016-10-04
    • 

  • Last modified date
    2016-12-15
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    STR B2B INTEGRA
    • 

  • Fixed component ID
    5725D0600
    • 



Applicable component levels


    

  • R526  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.6","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            15 December 2016
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback