Fixes are available
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
Client runs cleanupnode on 6.1.0.27 with Security enabled. The following errors are reported : ￸3/10/10 13:19:51:435 CET￵ 0000000a WSKeyStore < openKeyStore Exit ￸3/10/10 13:19:51:485 CET￵ 0000000a WSKeyStore 3 Cannot open keystore URL: /opt/WebSphere61/AppServer/profiles/CCITstLK7DmgrProfile/config/ cells/CC ITstLK7Cell001/CCIWASLK7ClientTrustFile.jks java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big. at com.ibm.security.util.DerInputStream.getLength(DerInputStream.ja va:715) at com.ibm.security.util.DerInputStream.getLength(DerInputStream.ja va:689) at com.ibm.security.util.DerValue.<init>(DerValue.java:253) at com.ibm.security.util.DerInputStream.getDerValue(DerInputStream. java:490 ) at com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav a:258) at com.ibm.security.pkcs12.PFX.<init>(PFX.java:134) at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(KeyStore.java:1173) at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:488) at com.ibm.ws.security.util.AccessController.doPrivileged(AccessCon troller. java:118) at com.ibm.ws.ssl.config.WSKeyStore.getKeyStore(WSKeyStore.java:410 ) ... ... ￸3/10/10 13:19:51:544 CET￵ 0000000a WSKeyStore E CWPKI0033E: The keystore located at "/opt/WebSphere61/AppServer/profiles/CCITstLK7DmgrProfile/config /cells/C CITstLK7Cell001/CCIWASLK7ClientTrustFile.jks" failed to load due to the following error: DerInputStream.getLength(): lengthTag=127, too big.. ￸3/10/10 13:19:51:545 CET￵ 0000000a AbstractJSSEP 3 Exception caught during init, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big. ￸3/10/10 13:19:51:553 CET￵ 0000000a JSSEHelper < The following exception occurred in getSSLSocketFactory(). Exit java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big. at com.ibm.security.util.DerInputStream.getLength(DerInputStream.ja va:715) at com.ibm.security.util.DerInputStream.getLength(DerInputStream.ja va:689) at com.ibm.security.util.DerValue.<init>(DerValue.java:253) at com.ibm.security.util.DerInputStream.getDerValue(DerInputStream. java:490
Local fix
Temporarily disable Administrative Security before running cleanupNode.sh * or * Modify the /AppServer/bin/cleanupNode.sh script and change these values D_ARGS=""$D_ARGS" $DELIM -Djavax.net.ssl.trustStore="$USER_INSTALL_ ROOT"/etc/trust.p12" D_ARGS=""$D_ARGS" $DELIM -Djavax.net.ssl.keyStore="$USER_INSTALL_ ROOT"/etc/key.p12" and Modify the setupCmdLine.sh file in the DMgr's profile and change STDINCLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:"$USER_INSTALL_ ROOT"/properties/sas.stdclient.props
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server Network Deployment edition, V6.1 * **************************************************************** * PROBLEM DESCRIPTION: APAR PK56643 is ineffective and is * * being removed. * **************************************************************** * RECOMMENDATION: * **************************************************************** The original problem was that cleanupNode.sh would fail with security errors when security was enabled. APAR PK56643 was opened to make a change in cleanupNode.sh via a config action and resolve the problem. However, PK56643 was implemented incorrectly and as a result, the config action never runs. When a fixpack containing PK56643 is installed (fixpacks 6.1.0.17 through 6.1.0.33) , the config action is not found and a message like the following is displayed in the updateconfig.log, indicating that the install process cannot locate the specified .ant file: Removing absent action C:\was61\properties\version\nif\update\config\install\80updateCl eanUpNode.ant from action list. The .ant script named above is installed, but under a slightly different subdirectory and is therefore not found by the install process. Furthermore, the .ant script is incorrect and will not produce the desired result.
Problem conclusion
The config action and .ant script introduced in APAR PK56643 have been removed from the fixpack update process. If cleanupNode.sh is failing with security or permissions errors, the recommend solution is to do the following: Temporarily disable Administrative Security before running cleanupNode.sh OR Edit WAS_HOME/bin/cleanupNode.sh as follows: 1. Change STDINCLIENTSAS to CLIENTSAS 2. The following lines should be deleted from cleanupNode.sh, because the files DummyClientTrustFile.jks and DummyClientKeyFile.jks no longer exist in WebSphere Application Server V6.1. If not deleted, the values in these lines will override the values in the sas.client.props and ssl.client.props file: D_ARGS=""$D_ARGS" $DELIM -Djavax.net.ssl.trustStore="$WAS_HOME"/etc/DummyClientTrustFile. jks" D_ARGS=""$D_ARGS" $DELIM -Djavax.net.ssl.keyStore="$WAS_HOME"/etc/DummyClientKeyFile.jks" D_ARGS=""$D_ARGS" $DELIM -Djavax.net.ssl.trustStorePassword=WebAS" D_ARGS=""$D_ARGS" $DELIM -Djavax.net.ssl.keyStorePassword=WebAS" Alternatively, the values specified in these lines could be changed to contain valid values for your environment. However, the recommended approach is to delete these lines and then provide the correct key and trust store information for this script by updating the sas.client.props and ssl.client.props files. The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.35. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM11111
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
61A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-03-29
Closed date
2010-07-28
Last modified date
2010-07-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
Document Information
Modified date:
25 October 2021