VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ01501

⇱ IJ01501: KEYTOOL HELP INFORMATION FOR -CERTREQ, -SELFCERT AND -GENCRL COMMANDS ARE INCORRECT.

IJ01501: KEYTOOL HELP INFORMATION FOR -CERTREQ, -SELFCERT AND -GENCRL COMMANDS ARE INCORRECT.

APAR status

  • Closed as program error.

Error description

  • Error Message: The help information displayed for the following
keytool commands are incorrect:
keytool -certreq -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -selfcert -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -gencrl -help shows incorrectly -ext
X.509_certificate_extensions as a valid option.
.
Stack Trace: N/A
.
While the help information is incorrect, keytool -certreq
command processes the -ext X.509_certificate_extensions
correctly and the extensions are added to the certificate
request.
Similarly, the keytool -selfcert command processes the -ext
X.509_certificate_extensions correctly and the extensions are
added to the self signed certificate.
The keytool -gencrl command ignores the -ext
X.509_certificate_extensions while generating a CRL file.

Local fix

  • The problem can be worked around by specifying the -ext option
as argument while generating (-certreq) certificate requests and
self signed certificates(-selfcert).

Problem summary

  • The help information displayed for the following keytool
commands are incorrect:
Keytool -certreq -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -selfcert -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -gencrl -help shows incorrectly -ext
X.509_certificate_extensions as a valid option.

Problem conclusion

  • The keytool has been updated to display -ext
X.509_certificate_extensions as a valid option for -certreq and
-selfcert commands.
The keytool has been updated not to display -ext as a valid
option while generating a CRL file.
.
This APAR will be fixed in the following Java Releases:
 7 SR10 FP15 (7.0.10.15)
 8 SR5 FP5 (8.0.5.5)
 7 R1 SR4 FP15 (7.1.4.15)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ01501
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    260
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-11-08
    • 

  • Closed date
    2017-11-09
    • 

  • Last modified date
    2017-11-09
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 




    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels


    

  • R260 PSY
       UP
    • 

  • R270 PSY
       UP
    • 







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020