VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ55548

⇱ IJ55548: THE PKCS12 KEYSTORE LOAD OPERATION RETURNS AN INCOMPLETE CERTIFICATE CHAIN.

IJ55548: THE PKCS12 KEYSTORE LOAD OPERATION RETURNS AN INCOMPLETE CERTIFICATE CHAIN.

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
.
Stack Trace: N/A
.
The certificate chain displayed is truncated at the first
 expired certificate. The certificate chain
length does not
 indicate the full certificate chain length.

Local fix

  • Import the updated end-entity certificate along with its valid
 certificate chain, ensuring all certificates have
current expiry
 dates.

Problem summary

  • During loading of a PKCS12 KeyStore the certificate chain
 construction for a private key entry was stopped at
the first
 expired certificate in the chain.

Problem conclusion

  • The PKCS12 KeyStore load operation has been updated to return
the
 full certificate chain for a private key,
irrespective of the
 certificate's expiration status.
 A fix is made to IBMJCE provider
 The associated Hursley RTC Problem Report is 152858
 The associated Austin git defect is IBMJCE #313
 The associated Austin APAR is IJ55118 JVMs affected:
Java 8
 The fix was delivered for Java 8 SR8 FP55
 The affected jar is "ibmjceprovider.jar".
 The build level of this jar for the affected release
is 20250806-485

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
 8 SR8 FP55 (8.0.8.55)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
 - IBM Semeru Runtimes, Version 11 and later
 https://www.ibm.com/semeru-runtimes/downloads/
 - IBM SDK, Java Technology Edition, Version 8
 https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
 - Java SDK Products on z/OS
 https://www.ibm.com/support/pages/java-sdk-products-zos

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ55548
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-08-08
    • 

  • Closed date
    2025-08-12
    • 

  • Last modified date
    2025-08-12
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 18 August 2025