IBM Support

IY37940: AM GENERATES CERTIFICATE SERIAL NUMBERS THAT ARE INADEQUATE FOR OS/390 AND Z/OS CONNECTIVITY.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When the OS/390 V2R10 or z/OS V1R1 pdacld server attempts to
bind to
the
distributed pdmgrd , the bind fails with the following message
in the
log.
.
                        HPDJ00450I Could not bind to server
(pokpd02.pok.ibm.com, 0x132120ca)
.
The bind failure results from the secure socket connection being
denied
by
System SSL due to an ASN.1 failure when processing the server's
certificate.  The ASN.1 failure is due to the serial number
being left
padded with zeros.  In OS/390 V1R10 and z/OS V1R1, System SSL's
ASN.1
does
not support the padding of the serial number.  The following is
an
example
of the pdacld's server certificate with the padded serial
number.
.
Label: HPDPD Server
Certificate ID: 2QbXxMHD08TI18TXxEDihZmlhZlA
Status: TRUST
Start Date: 2002/12/02 13:08:30
End Date:   2002/12/05 13:08:30
Serial Number:
     >00001024<
this field should be 1024
Issuer's Name:
     >CN=pdca.O=Policy Director.C=US<
Subject's Name:
     >CN=pdacld-dceimgtn.endicott.ibm.com.O=Policy
Director.C=US<

Local fix

  • 



Problem summary


    

  •  see main problem description

    



Problem conclusion


    

  •  This is fixed in 4.10-TAM-0001E via CMVC int
ernal defects 24078 and 28709.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IY37940
    • 

  • Reported component name
    ACCESS MGR BASE
    • 

  • Reported component ID
    5724C0801
    • 

  • Reported release
    410
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2002-12-06
    • 

  • Closed date
    2003-05-09
    • 

  • Last modified date
    2003-05-09
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    ACCESS MGR BASE
    • 

  • Fixed component ID
    5724C0801
    • 



Applicable component levels


    

  • R410  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"410","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            09 May 2003
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback