Troubleshooting
Problem
New Nav leverages Cryptographic Services to enable further security of important files by using Master Key 1.
Symptom
If Master Key 1 is not Loaded and Set, New Navigator will present warnings showing how to complete the process.
Cause
Further encryption was needed to protect two areas of New Navigator:
1. The keystore where New Navigator holds certificate data.
2. The individual users preferences files where users credentials are cached, which is used when "Prompt for login information and store it for future use" is set as the authentication method.
Environment
IBM i V7R3 and higher
Resolving The Problem
Further information on IBM i Cryptographic Services can be found here: IBM i Cryptographic Services
Considerations for using Cryptographic Services:
- Cryptographic Services is available on the system for all applications. Master Key 1 can be used by other applications outside of New Navigator.
- Take consideration of all applications that could be using Master Key 1 before performing a Load and Set on an existing Master Key 1 configuration.
- New Navigator will use any current configuration of Master Key 1 without any configuration needed from users. No steps are needed when Master Key 1 is already in place.
NOTE:
New Navigator does not require Master Key 1 to be Loaded and Set in order to function. You receive various warnings you can exit out of and continue to work. Any use of TLS for the GUI node and any endpoint nodes cannot be saved until Master Key 1 is set. Users have to repeatedly trust the certificates again on every use. The same applies to the use of "Prompt for login information and store it for future use" authentication method. Users credentials are not saved and users are forced to manually provide credentials each time.
If Master Key 1 has been Loaded and Set, New Navigator will pick up and use the current Master Key 1 and its passphrase. Nothing further is needed from New Navigator and users are not prompted asking for it to be loaded. To confirm, go to Serviceability (Wrench Icon) -> Connection Properties -> Cryptographic Services to view the current configuration. The green check mark shows when Master Key 1 is already set and being used on the system.
If Master Key 1 has not been set on the system, users are prompted with the following warning:
To set Master Key 1 for use with New Navigator, go to Serviceability (Wrench Icon) -> Connection Properties -> Cryptographic Services. The status show as a yellow check mark with a button to Load. Hit the Load button and provide a passphrase to use for Master Key 1. Make note of this passphrase for any future use. The status will show a green check mark when complete.
If Master Key 1 is not already set, that confirms no other applications on the system are using it.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
08 December 2023
UID
ibm16541302