Unable to import a PKCS12 file that is created by IIS or other non-IBM Web server keystores into a CMS or JKS database
 Technote (troubleshooting)
 
Problem (Abstract)
You are attempting to import a PKCS12 certificate into either a GSKit 5 or 7 keystore that uses IBM® v1.4.2 SDK or later. However, attempting the import causes the CMS database to produce the following error messages:

GSKit 5: "An error occurred while importing the selected keys"
GSKit 7: "The specified database has been corrupted"
 
Cause
The IBM v1.4.2 SDK or v1.5 (5.0) SDK ships with a set of restricted security policy files that might not be able to handle PKCS12 files created with strong encryption.
 
Resolving the problem
  1. Go to the IBM HTTP Server Java directory (default is <IHS_ROOT>/java/jre/bin) and run java -fullversion to determine which Java version IBM HTTP Server is using.

  2. If you have the IBM v1.4.2 SDK, go to the IBM 1.4.2 developer kit: Security information page on IBM developerWorks. If you have the IBM v1.5 (5.0) SDK, go to the IBM 1.5 developer kit: Security information page on IBM developerWorks.

  3. Click the IBM SDK Policy files link and download the Unrestricted Policy files for your 1.4.2 SDK or 1.5 SDK.

  4. Close iKeyman.

  5. Back up the local_policy.jar and US_export_policy.jar files located in the following directory:

    Java_home/lib/security

  6. Place the new files, previously downloaded, into the following directory:

    Java_home/lib/security


    Note: The Java_home location for GSKit 5 or GSKit 7 is set in the ikeyman.bat (or ikeyman.sh) file located in the IBM_HTTP_Server/bin directory.

  7. Restart iKeyman.

  8. Try the import of the .p12 file into the key database.

IBM's SDKs ship with strong but limited jurisdiction policy files. Unlimited jurisdiction policy files can be obtained from the link above. The ZIP file should be unpacked and the two JAR files placed in the JRE's jre/lib/security/ directory. These policy files are for use with IBM developed SDKs. The same files are used for the Version 1.4 and Version 5 SDKs. Details of downloads of unlimited jurisdiction policy files for the Solaris and HP platforms can be found in the IBM Security Guide for those platforms. It is recommended to always use the latest policy files from IBM.
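Before retrying the import in iKeyman, it helps to confirm that the JRE named in ikeyman.bat (or ikeyman.sh) is actually running with the replaced policy files. The following is an added example, not IBM code: the class name PolicyCheck is hypothetical, and it assumes the JRE's default JCE provider offers AES and a PKCS12 keystore type. It uses only APIs available in the 1.4.2 SDK.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.util.Enumeration;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class name). Run it with the same JRE that
// iKeyman uses:  <Java_home>/bin/java PolicyCheck path-to-file.p12
public class PolicyCheck {

    // True if the active jurisdiction policy accepts a key of keyBytes bytes.
    static boolean keySizeAllowed(String algorithm, int keyBytes) throws Exception {
        Cipher c = Cipher.getInstance(algorithm);
        try {
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[keyBytes], algorithm));
            return true;
        } catch (InvalidKeyException e) {
            return false; // key size rejected: restricted policy files in effect
        }
    }

    public static void main(String[] args) throws Exception {
        // Confirms which JRE (and so which lib/security directory) is in use.
        System.out.println("java.home = " + System.getProperty("java.home"));
        boolean unrestricted = keySizeAllowed("AES", 32); // 256-bit key
        System.out.println("AES-256 permitted: " + unrestricted);
        if (args.length == 0) return;

        System.out.print("PKCS12 password (will be echoed): ");
        String pw = new BufferedReader(new InputStreamReader(System.in)).readLine();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        FileInputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, pw == null ? new char[0] : pw.toCharArray());
        } catch (Exception ex) {
            System.out.println("Load failed: " + ex);
            if (!unrestricted) System.out.println("Restricted policy files are still active in this JRE.");
            return;
        } finally {
            in.close();
        }
        for (Enumeration names = ks.aliases(); names.hasMoreElements();) {
            String alias = (String) names.nextElement();
            System.out.println((ks.isKeyEntry(alias) ? "key  " : "cert ") + alias);
        }
    }
}
```

If "AES-256 permitted" prints false after step 6, the files were placed under a different Java_home than the one iKeyman starts with.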
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > SSL
Operating system(s): Windows
Software version: 6.1
Software edition:
Reference #: 1201170
IBM Group: Software Group
Modified date: Mar 22, 2005