IBM Support

Unable to access SSL certificate database in CS/WIN 6.4

Troubleshooting


Problem

The Key Management Utility in Communications Server for Windows, Version 6.4 is unable to open the CS/WIN key database to manage SSL certificates.

Symptom

The Key Management Utility does not have the option CMS in the list for Key database type.

Cause

CS/WIN 6.4 provides a Java JRE for use by the Key Management Utility, but the appropriate security provider definition was not included in the Java configuration.

Resolving The Problem

To correct this, use notepad to edit the file:
%snaroot%\jre\lib\security\java.security
The variable snaroot is defined to be the CS/WIN install location which by default is C:\Program Files\IBM\Communications Server\

Find the section that contains lines similar to the following (you may not have exactly the same list):

# List of providers and their preference orders (see above):
#
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.8=org.apache.harmony.security.provider.PolicyProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO

Add "security.provider.<n>=com.ibm.security.cmskeystore.CMSProvider" to the end of the list, changing <n> to the next index number in sequence. For example, in the list above, add the following line to the end of the list:
security.provider.10=com.ibm.security.cmskeystore.CMSProvider

Now restart the Key Management Utility. When you open a database, CMS should now be one of the available options for Key database type.

Once CMS is selected for Key database type, the default File Name shown is key.kdb. The file name that CS/WIN uses and requires is ibmcs.kdb. The default Location shown should be correct; to verify, it should be the PRIVATE directory in the CS/WIN install location.

[{"Product":{"code":"SSHQNF","label":"Communications Server for Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"All","Platform":[{"code":"PF033","label":"Windows"}],"Version":"6.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

cswin cs/win communications server for windows comm server commserver csnt cs/nt

Document Information

Modified date:
02 August 2018

UID

swg21419649