[z/OS]

Troubleshooting an error when importing RACF certificates to WebSphere Application Server

You have clicked the Get file aliases in the WebSphere Application Server and received a CWPKI0663E error message asking you to make sure the file exists that is to be verified. This topic guides you on how to fix the error and continue with importing RACF certificates to WebSphere Application Server.

If you correctly entered the key file location, the type and the password, then the cause of the error is likely that your server is not configured to decrypt .p12 files.

To fix the error received when opening the .p12 file, you need to download a zip file containing two policy files. You then rename the existing policy files in your distributed WebSphere Application Server and add the two new ones. You then stop and restart the cell to pick up the change.

  1. Start a browser session and go to URL:http://www-01.ibm.com/software/.
  2. Click IBM Sign in.
  3. Enter your PartnerWorld®, developerWorks™, or IBM support id and password and click Submit to sign in.
    Note: If you don't have an id, there is a link on the page to register to get one.
  4. Click the radio button next to Unrestricted JCE Policy files for SDK 1.4.2 to select it. Then click Continue.
    Important: Your country of origin might have restrictions on the import, possession, use, or re-export to another country, of encryption software. Before downloading or using the unrestricted policy files, you must check the laws of your country, its regulations, and its policies concerning the import, possession, use, and re-export of encryption software, to determine if it is permitted.
  5. Review your contact information and correct (if necessary). Scroll down and review the license agreement. Check I Agree if you agree.
  6. Then click I confirm to continue.
    Important: Note the warning about the restrictions your country may have on cryptographic software.
  7. To continue, click Download now.
  8. The file unrestrict142.zip will be downloaded. Save it to disk.
  9. Click OK.
  10. Use any zip file utility to open unrestrict142.zip and extract the two files it contains to disk.
  11. On the system where the distributed WebSphere Application Server Version 6.1.0 cell runs, go to ${JAVA_HOME}/jre/lib/security and rename the files local_policy.jar to old.local_policy.jar and US_export_policy.jar to old.US_export_policy.jar.
    Note: the value of JAVA_HOME can be found in the administrative console at Environment > WebSphere Variables.
  12. Use a file transfer utility to transfer the local_policy.jar and US_export_policy.jar that you extracted from the zip file, to ${JAVA_HOME}/jre/lib/security on the system where the distributed WebSphere Application Server Version 6.1.0 cell runs.
  13. Stop and restart the distributed WebSphere Application Server Version 6.1.0 cell. Log into the administrative console and go to Security > SSL certificate and key management > Key Stores and certificates.
  14. Go back to Step 19 in Importing RACF certificates to WebSphere Application Server and continue.



Related tasks
Importing RACF certificates to WebSphere Application Server
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 2:56:59 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=rsec_sslimportRACFcert
File name: rsec_sslimportRACFcert.html