IBM Security Verify


10.0.3.0 key store and trusts store db format change

  • 1.  10.0.3.0 key store and trusts store db format change

    IBM Champion
    Posted Sun January 02, 2022 11:23 AM

    Hi Community

     

    Just found out that starting with ISVA 1.0.3.0, the certificate database format of downloaded SSL certificate db files has changed.

    • The downloaded ZIP file used to contain a pair of KDB/STH files (prior to 10.0.3.0)
    • Whereas now (with 10.0.3.0) it contains P12/STH files (STH files have no role in P12 format)

    Obviously, this breaks some REST API playbook automations. Before I start making some adjustments to try to support both formats, does anyone know if this change was announced and/or is voluntary or accidental?

    Interestingly, the 'import' function in the LMI (System->Secure Settings->SSL Certificates->Manage->Import) is still expecting a KDB and STH file pair.



    ------------------------------
    Sylvain Gilbert
    ------------------------------


  • 2.  RE: 10.0.3.0 key store and trusts store db format change

    Posted Thu January 06, 2022 03:51 PM
    Sylvain,

    The internal format of the key files has changed from the non-standard kdb format to the more standard PKCS-12 format. The import Web service now supports the import of either a KDB or PKCS-12 file, but the export is now in the standard PKCS-12 format. Unfortunately this change wasn't announced as the format of the key file is not currently documented, and IBM expected the import/export to be treated as opaque/internal data. Sorry for the inconvenience.

    ------------------------------
    Scott Exton
    IBM
    Gold Coast
    ------------------------------
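
For automation that has to accept exports from both before and after 10.0.3.0, one way to detect which format a downloaded ZIP contains before acting on it. This is an added example, not part of the original thread and not IBM code; the function names, member names and sample contents are assumptions constructed for illustration.

```python
import io
import zipfile

def classify_export(zip_bytes):
    """Return (format, store_member, stash_member) for a certificate-database export ZIP."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        ext = lambda n: n.rsplit(".", 1)[-1].lower() if "." in n else ""
        stores = [n for n in names if ext(n) in ("kdb", "p12")]
        stashes = [n for n in names if ext(n) == "sth"]
        if len(stores) != 1:
            # Zero or several key stores: refuse to guess which one to use.
            raise ValueError(f"expected exactly one .kdb or .p12 member, got {names}")
        store, fmt = stores[0], ext(stores[0])
        stash = stashes[0] if stashes else None
        if fmt == "p12" and zf.read(store)[:1] != b"\x30":
            # A PKCS#12 file is an ASN.1 SEQUENCE, so its first byte is 0x30.
            raise ValueError(f"{store} does not start like a PKCS#12 file")
        if fmt == "kdb" and stash is None:
            # The thread describes KDB exports as a KDB/STH pair.
            raise ValueError(f"{store} has no accompanying .sth member")
        return fmt, store, stash

def make_zip(files):
    """Build an in-memory ZIP from {name: bytes} (constructed sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples; the member names and contents are placeholders, not real key stores.
OLD_EXPORT = make_zip({"example.kdb": b"placeholder", "example.sth": b"placeholder"})
NEW_EXPORT = make_zip({"example.p12": b"\x30\x82\x00\x00", "example.sth": b"placeholder"})

if __name__ == "__main__":
    for label, blob in (("pre-10.0.3.0", OLD_EXPORT), ("10.0.3.0", NEW_EXPORT)):
        print(label, classify_export(blob))
```

The check fails closed: an archive with no key store, more than one, or a `.p12` member that is not ASN.1 raises instead of being passed on to later playbook steps.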