APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A . Empty signer list in cms keystore after changing password. A cms keystore has been encountered with bad encoding of the key indexes within the store. A keystore corrupted in this manner will still pass integrity checks, but may result in unpredictable behavior including data loss. This data loss has been seen during the password change operation, with all signer certificates being lost. The origin of the badly encoded keystore is unknown at this time, with only a single report of it to date.
Local fix
Until fixed there are some possible workarounds: 1. Do not attempt a password change operation on your cms keystore until a JRE service release containing this APAR has been deployed. 2. If you have access to the gsk8capicmd native tool a badly encoded keystore can be fixed by re-writing it with the gskit command below. Note on a correctly formatted keystore this operation is still safe. gsk8capicmd -keydb -convert -db plugin-key.kdb -pw <xxxx> 3. Take a cautious approach to changing your cms keystore password: a) List and take note of the certificates in your keystore ikeycmd.exe -cert -list -db <store name> -pw <password> b) Take a backup of your current keystore c) Perform the password change operation and then redo a) above. If all the certificates are still present then you did not have a badly formatted keystore. d) If step c) demonstrated that you have a badly formed keystore then restore it from backup and take either options 1 or 2 until you have a service release containing this APAR.
Problem summary
CMS Provider and iKeyman - bad keystore encoding causes data loss during password change operationi
Problem conclusion
Keyman 8.0.409 release & CMS provider 2.55 . This APAR will be fixed in the following Java Releases: 7 SR9 FP20 (7.0.9.20) 8 SR2 (8.0.2.0) 6 SR16 FP15 (6.0.16.15) 7 R1 SR3 FP20 (7.1.3.20) 6 R1 SR8 FP15 (6.1.8.15) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV76737
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-09-03
Closed date
2015-09-30
Last modified date
2015-09-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R270 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020