PK45448: CWPKI0032E: ERROR CREATING A SELF-SIGNED CERTIFICATE AFTER STARTUP OF MIGRATED DEPLOYMENTMANAGER

 Fixes are available

6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for i5/OS
6.1.0.13 WebSphere Application Server V6.1 Fix Pack 13 for AIX
6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for AIX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for HP-UX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Windows
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Solaris
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Linux
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for HP-UX
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Windows
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Linux
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for i5/OS
6.1.0.11 WebSphere Application Server V6.1 Fix Pack 11 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Linux
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server



APAR status
Closed as program error.

Error description
After starting a migrated WebSphere V6.1 DeploymentManager, the
following error surfaces in the control region.

CWPKI0032E: Error creating a self-signed certificate. The
exception that occurred is: safkeyring:/WASKeyring (EDC5129I No
such file or directory. (errno2=0x05620062)), and the dmgr fails
to start (ABEND=SDC3 U0000 REASON=000C0008)

The DeploymentManager is attempting to access a safkeyring
keystore or truststore as an hfs based file.

The security.xml will a cell level keystore indicating that
the location="safkeyring:///WASKeyring"
fileBased="true"

<keyStores xmi:id="KeyStore_1" name="CellDefaultKeyStore"
password="{xor}Lz4sLCgwLTs=" provider="IBMJCE"
location="safkeyring:///WASKeyring" type="JKS" fileBased="true"
hostList="" managementScope="ManagementScope_1"/>

<keyStores xmi:id="KeyStore_2" name="CellDefaultTrustStore"
password="{xor}Lz4sLCgwLTs=" provider="IBMJCE"
location="safkeyring:///WASKeyring" type="JKS" fileBased="true"
hostList="" managementScope="ManagementScope_1"/>
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V6.1 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Customers will find that their servers  *
*                      will not start after migration due to   *
*                      missing keyfiles. Message issued is:    *
*                                                              *
*                      CWPKI0032E: Error creating a            *
*                      self-signed certificate is issued.      *
*                                                              *
*                      The exception that occurred is:         *
*                      safkeyring:/WASKeyring (EDC5129I No     *
*                      such file or directory.                 *
*                      (errno2=0x05620062)).                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The server runtime has been updated to require that SAFKeyRing
/ RACF keys be listed as non-file based.  The file based
setting was ignored on prior releases, therefore migration did
not change this value from it's default value of 'true' during
the migration from the prior release.
Problem conclusion
Migration has been updated to correctly detect safkeyring /
RACF key stores and set the valid in the configuration's
security.xml to state that the keys are not file based.

APAR PK45448 is currently targeted for inclusion in Service
Level (Fix Pack) 6.1.0.11 of WebSphere Application Server V6.1
for z/OS.
Temporary fix Comments
APAR information
APAR number PK45448
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 610
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2007-05-18
Closed date 2007-07-24
Last modified date 2007-10-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSN    UP
R601 PSN    UP
R610 PSY UK28841    UP07/09/18 P F709

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK45448.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 610
Software edition:
Reference #: PK45448
IBM Group: Software Group
Modified date: Oct 2, 2007