APAR status
Closed as program error.
Error description
When running the wsadmin AdminTask.createKeyStore command to create a KDB keystore, it fails with the error: Exception loading the CMS keystore. java.lang.NullPointerException at com.ibm.ws.ssl.config.CMSKeyStoreUtility.usePQCForCMSKeysto re(CMSKeyStoreUtility.java:227) at com.ibm.ws.ssl.config.CMSKeyStoreUtility.loadCMSKeyStore(CM SKeyStoreUtility.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcc essorImpl.java:90) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingM ethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:508) at com.ibm.ws.ssl.config.WSKeyStore.loadKeyStoreWithCMSKeyStor eUtility(WSKeyStore.java:981)
Local fix
Running command in interactive mode will still work
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * * who creates CMS keystore using wsadmin * * command * **************************************************************** * PROBLEM DESCRIPTION: wsadmin AdminTask.createKeyStore * * command * * to create a KDB keystore fails with * * NullPointerException. * **************************************************************** * RECOMMENDATION: * **************************************************************** This issue is a side effect of the changes implemented in PH57998, which introduced a n with the Java updates under specific conditions. A NullPointerException (NPE) was triggered when attempting to fetch the server configuration via wsadmin command.
Problem conclusion
After CMSProvider is updated to version 2.65 or above, gskkeyman.cmd is no longer able to open plugin-key.kdb created by the WebSphere. The issue is observed on Z/OS platform, IBM i platform or when the WebSphere plugin has FIPS enabled. To check the CMS provider version, execute ikeyman.bat/sh - DADD_CMS_SERVICE_PROVIDER_ENABLED=true in the {profile_dir}/bin directory. Then, in ikeyman, select 'Help' > 'About ikeyman' to view the version. On zOS platform and IBMi platform, the code has been updated to change the way plugin-key.kdb created. On non-zOS or IBM i platform, the following custom property should be set to false if FIPS is enabled on WebSphere plugin. From the adminconsole, click Security > Global security > Custom properties. Then click New to add a new custom property and its associated value. Custom property: com.ibm.websphere.security.cms.usepqc Default value: true (false if FIPS is enabled on WebSphere plugin) To create a plugin-key.kdb from the wsadmin command line, pass the above custom property as a JVM property. For example, > wsadmin.bat -javaoption "- Dcom.ibm.websphere.security.cms.usepqc=false" -conntype NONE - lang jython -f testCMS.py -- Sample testCMS.py -- result=AdminTask.createKeyStore('[-keyStoreName myCMSKeyStoreTest -keyStoreType CMSKS -keyStoreLocation c:\\temp\\myCMSKeyStore.kdb -keyStorePassword ***** - keyStorePasswordVerify ***** -keyStoreStashFile true ]') print result AdminConfig.save() ------------------- The fix for this APAR is targeted for inclusion in fix pack 8.5.5.26 and 9.0.5.21. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH60850
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-04-11
Closed date
2024-05-07
Last modified date
2024-06-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]
Document Information
Modified date:
20 June 2024