IBM Support

IT17719: After GSKit upgrade to 8.0.50.69 invalid keystore format error seen when using AMQP channel

APAR status

  • Closed as program error.

Error description

  • After a GSKit upgrade to 8.0.50.69 or later, an error reporting
    an invalid keystore format is returned when the AMQP channel
    attempts to load the Java KeyStore.
    
    java.lang.RuntimeException: Invalid KeyStore Format.
    	at com.ibm.security.cmskeystore.CMSKeyStoreSpi.engineLoad(CMSKeyStoreSpi.java:1249)
    	at java.security.KeyStore.load(KeyStore.java:1456)
    	at com.ibm.mq.communications.Communications.getKeyStore(Communications.java:613)
    	at com.ibm.mq.communications.Communications.getSSLContext(Communications.java:474)
    	at com.ibm.mq.communications.NonBlockingListener.start(NonBlockingListener.java:203)
    	at com.ibm.mq.communications.NonBlockingListener.start(NonBlockingListener.java:110)
    	at com.ibm.mq.communications.Communications.start(Communications.java:191)
    	at com.ibm.mq.MQXRService.MQTTCommunications.start(MQTTCommunications.java:729)
    	at com.ibm.mq.MQXRService.MQXRService.startQueueManagerDefinedChannels(MQXRService.java:1859)
    	at com.ibm.mq.MQXRService.MQXRService.start(MQXRService.java:715)
    	at com.ibm.mq.MQXRService.MQXRService.run(MQXRService.java:388)
    	at com.ibm.mq.MQXRService.RunMQXRService.runMQXRService(RunMQXRService.java:195)
    	at com.ibm.mq.MQXRService.RunMQXRService.main(RunMQXRService.java:66)
    Caused by: java.security.InvalidParameterException: password is not ASCII
    	at com.ibm.security.cmskeystore.NonPrintableAsciiPBEKey.<init>(NonPrintableAsciiPBEKey.java:50)
    	at com.ibm.security.cmskeystore.DatabaseHashGeneratorFactory$DatabaseHashGeneratorV4Impl.generateHash(DatabaseHashGeneratorFactory.java:163)
    	at com.ibm.security.cmskeystore.QueryableKeyDatabaseFactory$QueryableKeyDatabaseImpl.checkKeyStoreIntegrity(QueryableKeyDatabaseFactory.java:198)
    	at com.ibm.security.cmskeystore.CMSKeyStoreSpi.engineLoad(CMSKeyStoreSpi.java:1241)
    	... 12 more
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This issue affects users of the AMQP service with a keystore
    defined containing certificates to secure the channels.
    
    
    Platforms affected:
    Windows, AIX, Linux on x86-64
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    When the AMQP service was started, there was an attempt to load
    the keystore to get the certs for SSL-enabled channels. This
    failed because the way the keystore was being loaded was no
    longer valid, following a modification of allowed behaviour due
    to a GSKit update.
    

Problem conclusion

  • The method used to load the keystore now works correctly, and
    the service starts successfully without error.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v8.0       8.0.0.6
    v9.0 CD    9.0.2
    v9.0 LTS   9.0.0.1
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available, information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT17719

  • Reported component name

    WMQ BASE MULTIP

  • Reported component ID

    5724H7251

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-10-28

  • Closed date

    2016-12-21

  • Last modified date

    2017-06-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ BASE MULTIP

  • Fixed component ID

    5724H7251

Applicable component levels

  • R800 PSY

       UP

Document Information

Modified date:
01 June 2017