VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ23014

⇱ IJ23014: KEYTOOL IS UNABLE TO LIST ALL THE CERTIFICATES IN A PKCS12 KEYSTORE IN CERTAIN CONDITIONS

IJ23014: KEYTOOL IS UNABLE TO LIST ALL THE CERTIFICATES IN A PKCS12 KEYSTORE IN CERTAIN CONDITIONS

APAR status

  • Closed as program error.

Error description

  • Error Message: The key tool does not list all the certificates
in a certificate chain. During the loading of a keystore, the
ibmjceprovider was expecting every certificate in the chain to
exist in a keystore as an independent entity. This is incorrect,
since a certificate in a certificate chain may not always exists
as an independent entity.
.
Stack Trace: N/A
.
The problem did not occur in Java 8, SR6 or earlier versions but
only after Java 8, SR6, fp5

Local fix



Problem summary


    

  • keytool is unable to list all the certificates in a PKCS12
keystore in certain conditions



Problem conclusion


    

  • The key tool has been modified to list the certificates in a
certificate chain. While loading a PKCS12 keystore the incorrect
checking if a certificate exists in keystore as an independent
entity has been removed.
The associated Hursley RTC Problem Report is 143211
The associated Austin defect IBMJCE defect: issue59
The associated Austin APAR is IJ22928
JVMs affected: Java 8, SR6FP5.
The fix was delivered for Java 8 ,SR6,FP7
The affected jar is "ibmjceprovider.jar" with the build level:
20200224 (build- 298)
.
This APAR will be fixed in the following Java Releases:
 8 SR6 FP7 (8.0.6.7)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IJ23014
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-02-25
    • 

  • Closed date
    2020-02-28
    • 

  • Last modified date
    2020-02-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020