A fix is available
APAR status
Closed as program error.
Error description
RA.5.2 generates RACDCERT command with parameters ICSF and SIZE(4096) resulting in IRRD125I. When a key type of "RSA Modulus-Exponent in PKDS" is selected after specifying the "Size of new private key" of 4096, the RACDCERT command generated results in RACF message: IRRD125I The key size that was specified or defaulted is not acceptable. The request is not processed.
Local fix
Replace ICSF in the generated command with RSA(PKDS).
Problem summary
USERS AFFECTED: Users of zSecure Admin exploiting the 'Generate new certificate and a public/private key pair' function in interactive mode (option RA.5.2).
PROBLEM DESCRIPTION: zSecure Admin might generate incorrect RACF commands to generate a digital certificate resulting in a MSGIRRD125I when these commands are executed.
RECOMMENDATION: Apply the PTF provided.
When a key type of "RSA Modulus-Exponent in PKDS" is selected on the CKRP3DS2 panel after specifying a key size of 4096 on the initial RA.5.2 panel (CKRP3DS1), zSecure Admin generates an invalid RACDCERT command with a 'SIZE(4096)' argument not valid for key type "RSA ME". Upon execution, the generated command results in a MSGIRRD125I which begins with the text "The key size that was specified or defaulted is not acceptable...".
Problem conclusion
zSecure Admin has been modified, so that it only generates RACDCERT commands with key sizes that are accepted by RACF when using the RA.5.2 interactive option.
Temporary fix
Comments
APAR Information
APAR number
OA66212
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
250
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-03-04
Closed date
2024-05-24
Last modified date
2024-06-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ95302 UJ95303
Modules/Macros
CKRI24 CKRP3DS1 CKRP3DS2
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
03 June 2024