IJ54488: KEY CERTIFICATE MANAGEMENT - EXTENDED KEY USAGE CANNOT BE SET WITHOUT HAVING KEY USAGE EXTENSION IN CERTIFICATE REQUEST

APAR status

• Closed as program error.

Error description

• Error Message: N/A
  .
  Stack Trace: N/A
  .
  During CSR generation, when Client Auth and Server Auth are
  selected, these options are not being honored in the generated
  request.
  

Local fix

Problem summary

• Key Certificate Management - Extended Key Usage cannot be set
  without having Key Usage extension in certificate request
  

Problem conclusion

• Component affected - Key Certificate Management
  
  What was fixed:
  
  ? Key Certificate Management allows setting of Extended Key
  Usage and Key Usage extension independently of each other in
  certificate request
  ? Key Certificate Management returns the proper algorithm name
  for EdDSA keys.
  
  GIT Issue - 70 (IBMKCM)
  GIT Issue - 790 (IBMJCEPlus)
  
  RTC - 152595
  
  ibmkeycert.jar
  build_20250422--567
  
  JVM to be delivered in - JDK 8 SR8FP50
  .
  This APAR will be fixed in the following Releases:
  .
  IBM Semeru Runtimes
  IBM SDK, Java Technology Edition
   8 SR8 FP50 (8.0.8.50)
  .
  Downloads and supplementary documentation can be found at the
  following locations:
  - For non z/OS operating systems:
   - IBM Semeru Runtimes, Version 11 and later
   https://www.ibm.com/semeru-runtimes/downloads/
   - IBM SDK, Java Technology Edition, Version 8
   https://www.ibm.com/support/pages/java-sdk-downloads/
  - For the z/OS operating system:
   - Java SDK Products on z/OS
   https://www.ibm.com/support/pages/java-sdk-products-zos
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  SECURITY

• Fixed component ID

  620700125

Applicable component levels