PK16652: JAVA.SECURITY.KEYSTOREEXCEPTION: NULL WHEN SETTING UP AN LDAP REGISTRY WITH A JSSE REPERTOIRE WITH SAFKEYRING URI
APAR status
Closed as program error.

Error description
The customer has set up an LDAP user registry with an SSL configuration pointing to an SSL repertoire. The SSL repertoire has a Key File Name/Trust File Name with a safkeyring URI.

The following error was seen in the job output.

    Trace: 2005/05/26 11:48:25.245 01 t=7E4E88 c=UNK key=P8 (0000000A)
    Description: Log Boss/390 Error
    from filename: ./bborjtr.cpp
    at line: 830
    The keystore or truststore type specified is invalid. Adjusting to use the correct type, however, please correct the SSL configuration for performance reasons.

    Trace: 2005/05/26 11:48:25.395 01 t=7E4E88 c=UNK key=P8 (13007002)
    FunctionName: com.ibm.ws.security.registry.ldap.LdapRegistryImpl
    SourceId: com.ibm.ws.security.registry.ldap.LdapRegistryImpl
    Category: ERROR
    ExtendedMessage: SECJ0352E: Could not get the users matching the pattern cn=BBOS001,ou=users,o=company,c=be because of the followinng exception javax.naming.CommunicationException:javax.naming.CommunicationException: myurl.this.company.bank:636.Root exception is java.io.IOException: java.securty.KeyStoreException: null
    com.ibm.ws.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.ja
    .at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
    .at java.lang.reflect.Method.invoke(Method.java:391)
    com.sun.jndi.ldap.Connection.createSocket(Connection.java:341)
    .at com.sun.jndi.ldap.Connection.<init>(Connection.java:211)
    .at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
    com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1685)
    .at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
    .at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)
    com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java
    com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.jav
    com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactor
    javax.naming.InitialContext.getDefaultInitCtx(InitialContext.jav
    .at javax.naming.InitialContext.init(InitialContext.java:233)
    .at javax.naming.InitialContext.<init>(InitialContext.java:209)
    javax.naming.directory.InitialDirContext.<init>(InitialDirContex
    com.ibm.ws.security.registry.ldap.LdapConfig.getRootDSE(LdapConf
    com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getRootDSE(Ld

Local fix

Problem summary
USERS AFFECTED: All users of WebSphere Application Server V5.0 for z/OS
PROBLEM DESCRIPTION: The message "SRVE0500W: The keystore or truststore type specified is invalid." appears in the servant region job log when creating a new JSSE SSL repertoire using a safkeyring:/// URI as the Key File Name or Trust File Name.
RECOMMENDATION:

When creating a new JSSE SSL repertoire in the Administrative Console (Security > SSL > New JSSE Repertoire), you only have 3 choices when choosing a Key File Format or Trust File Format (JKS, PKCS12 and JCEKS). The problem arises if you want to use a safkeyring:/// URI as the Key File Name or Trust File Name with a Key/Trust File Format that is not among the choices on the admin console, such as a JCERACFKS key store. If the default value of JKS is chosen in the admin console, all possible key store formats should have been tried at runtime, but instead only the key store types JKS, PKCS12 and JCEKS were checked.

Problem conclusion
At runtime, allow for JCERACFKS as a possible key store format when creating/using a JSSE SSL repertoire.

APAR PK16652 is associated with SERVICE LEVEL W502038 of WebSphere Application Server V5.0 for z/OS.

Temporary fix

Comments
APAR is sysrouted FROM one or more of the following: PK06785
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Document Information
Current web document: swg1PK16652.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK16652
IBM Group: Software Group
Modified date: Feb 2, 2006
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.