VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ40383

⇱ IJ40383: WAS 290602 UNABLE TO CREATE CERTIFICATES WITH THE IBMJCEPLUSFIPS PROVIDER WITH THE NEWCERT() AND NEWSSCERT() APIS

IJ40383: WAS 290602 UNABLE TO CREATE CERTIFICATES WITH THE IBMJCEPLUSFIPS PROVIDER WITH THE NEWCERT() AND NEWSSCERT() APIS

APAR status

  • Closed as program error.

Error description

  • Error Message:
com.ibm.security.certclient.base.PkRejectionException: 3008-714
NoSuchAlgorithmException occurred. Check keyType and
 signing-algorithm specified correctly.
(wraps:java.security.NoSuchAlgorithmException: no such
algorithm:IBMSecureRandom for provider IBMJCEPlusFIPS)
.
Stack Trace:
com.ibm.security.certclient.base.PkRejectionException: 3008-714
NoSuchAlgorithmException occurred. Check keyType and
 signing-algorithm specified correctly. (wraps:
java.security.NoSuchAlgorithmException: no such algorithm:
IBMSecureRandom for provider IBMJCEPlusFIPS)
 at
sun.security.jca.GetInstance.getService(GetInstance.java:99)
 at
sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
 at
java.security.SecureRandom.getInstance(SecureRandom.java:342)
 at
com.ibm.security.certclient.util.PkSsCertFactory$PkSsCertImpl.ge
nerateLocalKey(Unknown Source)
 at
com.ibm.security.certclient.util.PkSsCertFactory$PkSsCertImpl.ge
nerateKeyPairNCert(Unknown Source)
 at
com.ibm.security.certclient.util.PkSsCertFactory$PkSsCertImpl.<i
nit>(Unknown Source)
 at
com.ibm.security.certclient.util.PkSsCertFactory.newSsCert(Unkno
wn Source)
 exception 3008-714 NoSuchAlgorithmException
occurred. Check keyType and signing-algorithm specified
correctly.
.

Local fix



Problem summary


    

  • Unable to create certificates when specifying IBMJCEPlusFIPS as
the JCE Provider when using the newCert() and newSsCert() APIs.



Problem conclusion


    

  • The SecureRandom algorithm "IBMSecureRandom" was dropped from
FIPS compliance, but that Algorithm was the default used by Key
 Certificate Management during key generation. The
code was modified to use "SHA2DRBG" as the SecureRandom
algorithm as the default
 during key generation using the IBMJCEPlusFIPS
provider.
 The associated Hursley RTC Problem Report is 147541
 The associated Austin GIT defect in IBMKCM#20
 The associated Austin APAR is N/A
 The associated WAS defect is 290602
 JVMs affected: Java 8.0
 The fix was delivered for Java 8 sr7 fp15
 The affected jar is ibmkeycert.jar
 The build level of this jar for the affected
releases is Build-Date: 20220524--86

.
This APAR will be fixed in the following Releases:
.
IBM SDK, Java Technology Edition
 8 SR7 FP15 (8.0.7.15)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
maintenance can be found at:
 https://www.ibm.com/support/pages/java-sdk



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IJ40383
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-06-01
    • 

  • Closed date
    2022-06-01
    • 

  • Last modified date
    2022-06-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 06 July 2022