Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Crypto configuration doc

29 views
Skip to first unread message

dileep...@sun.com

unread,
May 28, 2008, 12:46:23 PM5/28/08
to
Would someone point me to documentation for configuring WAS with H/W based cryptographic devices. The infocenter doesn't seem to be so clear.

Thanks

Brian S Paskin

unread,
May 28, 2008, 9:41:26 PM5/28/08
to
Hi, That is a vague question. There are different hardware devices that do cryptography and each one is configured differently, and you did not specify the platform.

Here is a link for System z hardware cryptography and WebSphere:

http:// publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.webspher e.zseries.doc/info/zseries/ae/tsec_storecertkeysicsf.html

Regards, Brian

dileep...@sun.com

unread,
May 29, 2008, 12:37:19 AM5/29/08
to
Thanks for your attention at least.

I posted a question earlier and did not get any reply so I reached the forum again with more general question.

I looked at the infocenter and the document pointed by you as well.

Looks like It is looking for libjpkcs11.so file somehow see below in the error message. This file used to exist in 5.1 days in zip file which doesn't exists anymore and there is no documentaion on 6.1 infocenter which in anyway point to this.

Some more search into this revealed a problem with WAS PKCS implementation http://w ww-1.ibm.com/support/docview.wss?rs=180&uid=swg1PK45677

which is claimed to be fixed in Fix Pack 11 which I have updated but no luck. I hope you can get some details on this

5/28/08 21:14:27:943 PDT 0000000a ContainerImpl E WSVR0501E: Error creating component com.ibm.ws.ssl.core.SSLComponentImpl

java.lang.UnsatisfiedLinkError: no jpkcs11 in java.library.path

at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1682)

at java.lang.Runtime.loadLibrary0(Runtime.java:822)

at java.lang.System.loadLibrary(System.java:993)

at com.ibm.pkcs11.nat.NativePKCS11. (Unknown Source)

at com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl.Init(IBMPKCS11Impl.java:1145)
at com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl. (IBMPKCS11Impl.java:651)

at com.ibm.ws.ssl.core.WSPKCSInKeyStore$1.run(WSPKCSInKeyStore.java:254)

at java.security.AccessController.doPrivileged(Native Method)

at com.ibm.ws.ssl.core.WSPKCSInKeyStore.initializePKCS11ImplProvider(WSPKCSInKeySt ore.java:252)

at com.ibm.ws.ssl.core.WSPKCSInKeyStore. (WSPKCSInKeyStore.java:53)

at com.ibm.ws.ssl.core.WSPKCSInKeyStoreList.insert(WSPKCSInKeyStoreList.java:78)
at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:532)

Brian S Paskin

unread,
May 29, 2008, 1:15:25 AM5/29/08
to
Hi, The APAR you linked to is a different issue. Do you have the GSkit installed?

Regards,

Brian

dileep...@sun.com

unread,
May 29, 2008, 1:59:40 AM5/29/08
to
No I don't have the GSKit installed. I just want to use the JAVA cryptographic framework.

Why do you think I need the GSKit here. I see all the libraires related to pkcs but it is looking for something which doesn't exists.

I assumed based on the details to be somewhat closest I can find on the topic.

Brian S Paskin

unread,
May 29, 2008, 2:43:57 AM5/29/08
to
That shared object is part of the gskit.

Bria

dileep...@sun.com

unread,
May 29, 2008, 2:01:07 PM5/29/08
to
Similar issues were reported for 5.1 and I did the upgrade to V6.1.0.13

http://www-1.ib m.com/support/docview.wss?uid=swg21215714

I am doing this on Solaris 10/WAS ND v6.1

Brian S Paskin

unread,
May 29, 2008, 9:19:35 PM5/29/08
to
Hi, if you do not have the shared object on your system, then there is nothing I nor anyone can do. The exception from WebSphere 5.0, 5.1 is different than your issue.

To get more support I suggest to open a PMR with IBM.

Regards,

Brian

0 new messages