PI10048: CAE SERVER ERROR AFTER 3.2 UPGRADE WHEN USING THE ICSF FOR CAE CERTIFICATES

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• If the CAE Server running under USS is using
  CQM_CAE_KEYSTORE_TYPE=RACFCCA, then it will fail on startup in
  CQM
  3.2.
  
  Some messages that will be in the CAE Server log are:
  
  java.net.SocketException:
  java.security.NoSuchAlgorithmException:
  SSLContext Default implementation not found:
  
  and
  
  Caused by: java.security.KeyStoreException: IBMKeyManager:
  Problem accessing key store java.io.IOException: Invalid
  keystore format
  This happens because the file bin/java.security.icsf was shipped
  in uppercase instead of lower case.
  This APAR adds the lower case version of java.security.icsf in
  addition to the uppercase JAVA.SECURITY.ICSF.
  

Local fix

• Workaround is to copy JAVA.SECURITY.ICSF to java.security.icsf.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: Users of DB2 Query Monitor.                  *
  ****************************************************************
  * PROBLEM DESCRIPTION: If the CAE Server running under USS is  *
  *                      using CQM_CAE_KEYSTORE_TYPE=RACFCCA,    *
  *                      then it will fail on startup in CQM     *
  *                      3.2. Some messages that will be in the  *
  *                      CAE Server log are:                     *
  *                      java.net.SocketException:               *
  *                      java.security                           *
  *                      .NoSuchAlgorithmException:              *
  *                      SSLContext Default implementation not   *
  *                      found:                                  *
  *                      and Caused by: java.security            *
  *                      .KeyStoreException: IBMKeyManager:      *
  *                      Problem accessing key store java.io     *
  *                      .IOException: Invalid keystore format   *
  *                      This happens because the file bin/java  *
  *                      .security.icsf was shipped              *
  *                      in uppercase instead of lower case.     *
  *                      This APAR adds the lower case version   *
  *                      of java.security.icsf in addition to    *
  *                      the uppercase JAVA.SECURITY.ICSF.       *
  ****************************************************************
  * RECOMMENDATION: APPLY the PTF.                               *
  ****************************************************************
  Code has been changed to correct this condition.
  

Problem conclusion

• APPLY the PTF.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI14779

Modules/Macros

• CQMICSF
  

Fix information

• Fixed component name

  DB2 QUERY MONIT

• Fixed component ID

  5655E6701

Applicable component levels

• R320 PSY UI14779

     UP14/02/12 P F402

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.