IJ01501: KEYTOOL HELP INFORMATION FOR -CERTREQ, -SELFCERT AND -GENCRL COMMANDS ARE INCORRECT.

APAR status

Closed as program error.

Error description

Error Message: The help information displayed for the following
keytool commands are incorrect:
keytool -certreq -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -selfcert -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -gencrl -help shows incorrectly -ext
X.509_certificate_extensions as a valid option.
.
Stack Trace: N/A
.
While the help information is incorrect, keytool -certreq
command processes the -ext X.509_certificate_extensions
correctly and the extensions are added to the certificate
request.
Similarly, the keytool -selfcert command processes the -ext
X.509_certificate_extensions correctly and the extensions are
added to the self signed certificate.
The keytool -gencrl command ignores the -ext
X.509_certificate_extensions while generating a CRL file.

Local fix

The problem can be worked around by specifying the -ext option
as argument while generating (-certreq) certificate requests and
self signed certificates(-selfcert).

Problem summary

The help information displayed for the following keytool
commands are incorrect:
Keytool -certreq -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -selfcert -help does not show -ext
X.509_certificate_extensions as a valid option.
keytool -gencrl -help shows incorrectly -ext
X.509_certificate_extensions as a valid option.

Problem conclusion

The keytool has been updated to display -ext
X.509_certificate_extensions as a valid option for -certreq and
-selfcert commands.
The keytool has been updated not to display -ext as a valid
option while generating a CRL file.
.
This APAR will be fixed in the following Java Releases:
   7    SR10 FP15 (7.0.10.15)
   8    SR5 FP5   (8.0.5.5)
   7 R1 SR4 FP15  (7.1.4.15)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
           https://www.ibm.com/developerworks/java/jdk/

Temporary fix

Comments

APAR Information

APAR number
IJ01501
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-11-08
Closed date
2017-11-09
Last modified date
2017-11-09

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
SECURITY
Fixed component ID
620700125

Applicable component levels

R260 PSY
UP
R270 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
07 December 2020

Tips

IJ01501: KEYTOOL HELP INFORMATION FOR -CERTREQ, -SELFCERT AND -GENCRL COMMANDS ARE INCORRECT.

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R260 PSY

R270 PSY

Document Information

Share your feedback

Need support?