Problem (Abstract)
A customer found this problem while using Web Services
with security enabled on an HP platform. The error seen when running the Web
Services application was:
WSEC5184E: The key with "ggggg" alias can´t be loaded from the
Key store "/sss/WebSphere/AppServer/etc/ws-security/xxx/
dsig-receiver.ks" (The password could be wrong):
java.security.UnrecoverableKeyException: Cannot recover key

Cause
The java.security file that ships with the HPUX® and Sun
Solaris versions of IBM® WebSphere® Application Server V5.0 is incorrect.
It lists the security providers in the wrong order.
The file contains the following list:
security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.jsse.IBMJSSEProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
# security.provider.6=com.ibm.crypto.pkcs11.provider.IBMPKCS11
The correct list should be:
security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=sun.security.provider.Sun
security.provider.4=com.ibm.jsse.IBMJSSEProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
It is important to have com.ibm.crypto.provider.IBMJCE before
sun.security.provider.Sun.

Resolving the problem
Edit the java.security file to contain the correct
security.provider list. It is located in
<WAS install directory>/java/jre/lib/security.
The problem is described in APAR PK11210 which has been closed as a
Permanent Restriction in this release.
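
One way to confirm the provider order after editing the file, as an added example that is not part of the IBM technote: the function name check_provider_order and its exit codes (0 correct, 1 wrong order, 2 provider missing) are assumptions made for illustration. It reads a java.security file, or standard input, ignores commented-out entries, and compares the positions of the two providers named above.

```shell
#!/bin/sh
# Added example, not IBM code. check_provider_order [FILE]
# Exit 0: IBMJCE is listed before Sun. Exit 1: wrong order.
# Exit 2: one of the two providers has no active entry.
check_provider_order() {
    awk -F= '
        # Match active entries only; lines starting with "#" are skipped.
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            n = key
            sub(/^security\.provider\./, "", n)
            if (val == "com.ibm.crypto.provider.IBMJCE") jce = n + 0
            if (val == "sun.security.provider.Sun")      sun = n + 0
        }
        END {
            if (!jce || !sun) {
                print "MISSING: IBMJCE or Sun provider not listed"
                exit 2
            }
            if (jce < sun) {
                printf "OK: IBMJCE=%d precedes Sun=%d\n", jce, sun
                exit 0
            }
            printf "WRONG ORDER: Sun=%d precedes IBMJCE=%d\n", sun, jce
            exit 1
        }
    ' "$@"
}

# Demonstration on the list this page reports as shipped (copied from above).
check_provider_order <<'EOF' || echo "exit status: $?"
security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.jsse.IBMJSSEProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
# security.provider.6=com.ibm.crypto.pkcs11.provider.IBMPKCS11
EOF
```

To check an installation, pass the path of the java.security file in the directory named above as the argument.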