IV84909: 1.TEST UTIMACO HSM 2.SHA256 FINGERPRINTS FOR CERTIFICATE 3.LOAD CMS PROVIDER VIA PROPERTIES

APAR status

Closed as program error.

Error description

Error Message: PB 1. Test Utimaco cause null pointer exception
error when add PKCS11 provider, and delete certificate does not
clear cert# entries sometimes
PB 2. We should support SHA256 fingerprint in ikeyman / ikeycmd
PB 3. ikeyman/ikeycmd should load IBM CMS provider via
properties.
.
Stack Trace: N/A
.

Local fix

PB 1. No workaround.
Pb 2. No workaround, only sha1 fingerprint is displayed.
Pb 3. We can add IBM CMS Provider via ikeyman tool. No support
to add Provider via CLI

Problem summary

PB 1. Security.addProvider(null) returns null pointer exception,
root cause is incorrect PKCS11 provider name syntax. While
creating certificate, PKCS11Config provider creates additional
entries suffixed with cert#, but delete certificate sometimes do
not delete these additional entries.
PB 2. ikeycmd/ikeyman fingerprints only displays SHA1.
PB 3. We can only load IBM CMS provider dynamically via ikeyman
tool using command "Add Provider". But this command does not
apply to CLI (ikeycmd). Ikeyman/ikeycmd need to provide support
to load IBM CMS provider dynamically via properties.

Problem conclusion

PB 1. Add the required null pointer check and suffix PKCS11
provider name with Token label, delete certificate deletes the
additional cert# entries created.
PB 2. ikeycmd/ikeyman fingerprints now support both SHA1 and
SHA256.
PB 3. ikeyman/ikeycmd can now load IBM CMS provider using
property -DADD_CMS_SERVICE_PROVIDER_ENABLED=true. Note: no
change in the existing behaviour of ikeyman tool to add IBM CMS
provider via "Add provider" command.
.
This APAR will be fixed in the following Java Releases:
   8    SR3 FP10  (8.0.3.10)
   6    SR16 FP30 (6.0.16.30)
   7    SR9 FP50  (7.0.9.50)
   7 R1 SR3 FP50  (7.1.3.50)
   6 R1 SR8 FP30  (6.1.8.30)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
           https://www.ibm.com/developerworks/java/jdk/

Temporary fix

Comments

APAR Information

APAR number
IV84909
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-17
Closed date
2016-06-17
Last modified date
2016-06-17

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
SECURITY
Fixed component ID
620700125

Applicable component levels

R270 PSY
UP
R600 PSY
UP
R260 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
07 December 2020

Tips

IV84909: 1.TEST UTIMACO HSM 2.SHA256 FINGERPRINTS FOR CERTIFICATE 3.LOAD CMS PROVIDER VIA PROPERTIES

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R270 PSY

R600 PSY

R260 PSY

Document Information

Share your feedback

Need support?