IBM Support

OA66212: RA.5.2 GENERATES RACDCERT COMMAND WITH PARAMETERS ICSF AND SIZE(4096) RESULTING IN IRRD125I

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • RA.5.2 generates RACDCERT command with parameters ICSF and
    SIZE(4096) resulting in IRRD125I.
    
    When a key type of "RSA Modulus-Exponent in PKDS" is selected
    after specifying the "Size of new private key" of 4096, the
    RACDCERT command generated results in RACF message:
    
    IRRD125I The key size that was specified or defaulted is not
    acceptable.  The request is not processed.
    

Local fix

  • Replace ICSF in the generated command with RSA(PKDS).
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin exploiting the        *
    *                 'Generate new certificate and a              *
    *                 public/private key pair' function in         *
    *                 interactive mode (option RA.5.2).            *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin might generate incorrect  *
    *                      RACF commands to generate a digital     *
    *                      certificate resulting in a MSGIRRD125I  *
    *                      when these commands are executed.       *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When a key type of "RSA Modulus-Exponent in PKDS" is selected
    on the CKRP3DS2 panel after specifying a key size of 4096 on the
    initial RA.5.2 panel (CKRP3DS1), zSecure Admin generates an
    invalid RACDCERT command with a  'SIZE(4096)' argument not valid
    for key type "RSA ME". Upon execution, the generated command
    results in a MSGIRRD125I which begins with the text "The key
    size that was specified or defaulted is not acceptable...".
    

Problem conclusion

  • zSecure Admin has been modified, so that it only generates
    RACDCERT commands with key sizes that are accepted by RACF when
    using the RA.5.2 interactive option.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA66212

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    250

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-03-04

  • Closed date

    2024-05-24

  • Last modified date

    2024-06-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ95302 UJ95303

Modules/Macros

  • CKRI24   CKRP3DS1 CKRP3DS2
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R250 PSY UJ95303

       UP24/05/25 P F405

  • R310 PSY UJ95302

       UP24/05/25 P F405

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"250","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 June 2024