|
Problem(Abstract) |
You are attempting to import a PKCS12 certificate into
either a GSKit 5 or 7 keystore that uses IBM® v1.4.2 SDK or later.
However, attempting the import causes the CMS database to produce the
following error messages:
GSKit 5: "An error occurred while importing the selected keys"
GSKit 7: "The specified database has been corrupted" |
|
|
|
Cause |
The IBM v1.4.2 SDK or v1.5 (5.0) SDK ships with a set of
restricted security policy files that might not be able to handle PKCS12
files created with strong encryption. |
|
|
Resolving the
problem |
- Go to IBM HTTP Server Java directory (default is
<IHS_ROOT>/java/jre/bin), run java -fullversion to determine which
Java version IBM HTTP Server is using.
- If you have IBM v1.4.2 SDK, go to the IBM 1.4.2
developer kit: Security information out on IBM developerWorks. If you
have IBM v1.5 (5.0) SDK. go to the IBM 1.5
developer kit: Security information out on IBM developerWorks
- Click the IBM SDK Policy files link and download the
Unrestricted Policy files for your 1.4.2 SDK or 1.5 SDK.
- Close iKeyman.
- Back up the local_policy.jar and
US_export_policy.jar files located in the following directory:
- Place the new files, previously downloaded, into the following
directory:
Java_home/lib/security |
Note: Java_home location of GSKIT5 or GSKIT7 are set in
ikeyman.bat (or ikeyman.sh) file located in IBM_HTTP_Server/bin
direcotry. |
- Restart iKeyman.
- Try the import of the .p12 file into the key database.
IBM's SDKs ship with strong but limited jurisdiction
policy files. Unlimited jurisdiction policy files can be obtained from the
link above. The ZIP file should be unpacked and the two JAR files placed
in the JRE's jre/lib/security/ directory. These policy files are for use
with IBM developed SDKs. The same files are used for the Version 1.4 and
Version 5 SDKs. Details of downloads of unlimited jurisdiction policy
files for the Solaris and HP platforms can be found in the IBM Security
Guide for those platforms. It is recommended to always use the latest
policy files from IBM. |
|
|
|
|
|
|
|