IBM Support

PI38917: NULLPOINTEREXCEPTION WHEN ATTEMPTING TO ENABLE FIPS

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Using Business Process Manager version 8.5.6 with WebSphere
    Application Server (WSAS) version 8.5, encountering a problem
    when trying to enable FIPS
    
    From the WSAS Administrative Console, SSL certificate and key
    management > Manage FIPS panel, when attempting to Enable FIPS
    140-2 getting "null"
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server who configured keystore that         *
    *                  contains private or secret keys.            *
    ****************************************************************
    * PROBLEM DESCRIPTION: FIPS command throws                     *
    *                      NullPointerException when trying to     *
    *                      check private or secret keys for        *
    *                      compliance.                             *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    FIPS command "ListCertStatusForSecurityStandard" throws
    NullPointerException when trying to check private or secret
    keys for compliance.
    

Problem conclusion

  • The code has been fixed to correct NullPointerException.
    
    It is currently WebSphere Application Server's limitation that
    key lengths in secret keys are not evaluated for FIPS
    sp800-131a compliance.
    
    If secret keys are in keystores, please check its key length
    by using iKeyman in {WebSphere_install_dir}\java\jre\bin
    directory or other keystore tools.
    
    Following documentation contains recommended key lengths for
    algorithms.
    http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.p
    df
    
    This APAR added the following trace output when WebSphere
    Application Server detected keys that are not evaluated.
    
    NOT_FOR_EVALUATION reason=Not evaluated for FIPS compliance.
    (private or secret key)
    
    The trace output will be printed when SSL=all trace option is
    turned on.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.7.  Please refer to the Recommended
    Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI38917

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-04-11

  • Closed date

    2015-06-04

  • Last modified date

    2015-06-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022