IBM Support

OA56240: IN RA.5.1, THE CERTIFICATE CN INCORRECTLY INCLUDES DC ATTRIBUTESWHICH CAN BE CONFUSING WHEN SEARCHING BY CN.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • RA.5.1 incorrectly displays domainComponent attributes as part
    of the Common Name.
    This leads to confusion when searching for a certificate by
    subject or issuer's DN and a search filter of CommonName (CN)
    is specified which includes the DC attributes, because the
    certificate cannot be found.
    This is because the DC attributes are not part of the Common
    Name.
    

Local fix

  • Search using the "Search IssuersDN", not the CN= component.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin processing digital    *
    *                 certificates.                                *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin does not support the      *
    *                      'domain component'/dc attribute type    *
    *                      in the 'subject' and 'issuer'           *
    *                      certificate' fields as defined by the   *
    *                      RCF4519 and RCF5280.                    *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided and review the        *
    *                 documentation updates.                       *
    ****************************************************************
    When the digital certificate field contain domain attributes,
    zSecure Admin does not provide a proper indication for them in
    the reports and there is no functionality to specify the
    appropriate selection filters based on the domain attributes.
    

Problem conclusion

  • zSecure Admin has been extended so that the 'domain component'
    attribute type in the 'subject' and 'issuer' certificate fields
    is now supported. Please note the documentation updates as
    specified by the APAR tracking comment data.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA56240

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    230

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-09-28

  • Closed date

    2018-11-14

  • Last modified date

    2018-12-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA97928 UA97929

Modules/Macros

  • C2R3R5P  C2R3R5Q  C2RP3R5Z CKRGEVL  CKRINPO  CKROUPUT CKRP3R52
    CKRP3R53 CKRP3TKZ GKRGEVL  GKRINPO  GKROUPUT
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R230 PSY UA97928

       UP18/11/22 P F811

  • R231 PSY UA97929

       UP18/11/22 P F811

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"230","Edition":""}]

Document Information

Modified date:
12 December 2018