IBM Support

IT24560: SOA OUTBOUND SECURITY SERVICE CREATES A CORRUPTED SUBJECTKEYIDENTIFIER ENTRY FOR SHORT SUBJECT KEYS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • If the Subject Key of a certificate does not follow the
    recommendation of RFC 3280 and is not build as hash, the SOA
    Outbound Security Service creates a SubjectKeyIdentifier that
    contains the Subject Key and some invalid characters.
    

Local fix

  • STRRTC - 564784
    SKor/SKor
    
    Circumvention:
    Change the certificate and use a certificate that
    follows the recommendation of RFC 3280
    

Problem summary

  • Users Affected:
    Customer using SOA Security Service
    
    
    Problem Description:
    SOA Security Service uses a certificate public key digest,
    rather than the certificate's SubjectKeyIdentifier.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Resolution Summary:
    
    A code fix is provided.
    
    Added new property to control if the SubjectKeyIdentifier in the
    certificate should be used to generate the SOA Security Service
    64 bit KeyIdentify field.  To use the certificates SKI, add the
    soa.useSKIFromCert=true to the customer_overrides properties
    file.
    
    Delivered In:
    6000000
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT24560

  • Reported component name

    STR B2B INTEGRA

  • Reported component ID

    5725D0600

  • Reported release

    526

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-03-28

  • Closed date

    2018-07-09

  • Last modified date

    2018-08-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR B2B INTEGRA

  • Fixed component ID

    5725D0600

Applicable component levels

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.6","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]

Document Information

Modified date:
29 August 2018