Hi Jarno,
I have run into similar "asn" issues today with an ISVA 10.0.5.
The issues were related to making WebSEAL sign a JWT ([jwt:/junction] stanza), and using the jwks local-app.
Those issues were logging the following errors, and were breaking WebSEAL's JWT injection and the jwks local-app:
DPWIV1219E An SSL toolkit failure occurred while calling d2i_AutoPrivateKey. Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag.
We were able to fix those issues by removing special characters from the certificate label. And by special characters I mean "-" and "_", which do not seem so special.
Once all our certificates were reimported into a truststore without any - and _ in their labels, WebSEAL started behaving again as expected.
No idea if this can help you, but you never know.
Regards,
André
------------------------------
André Leruitte
------------------------------
Original Message:
Sent: Thu April 20, 2023 08:58 AM
From: Jarno Hänninen
Subject: ISVA certificate handling fails with ISVA version 10.0.5
Hi,
We have upgraded our environments from ISVA 10.0.2 to 10.0.5 (10.0.2 -> 10.0.4 -> 10.0.5).
We have a few questions related to the certificate databases.
1. Are certificate labels unique across all certificate key databases?
2. If not - why are we getting DPWAP0194E Failed to store the supplied certificate in the keyfile: pdsrv.p12 (0x2: GSKKM_ERR_ASN)?
We got the error when we tried to import a new signer certificate using LMI (the import with Ansible also fails). We have defined a unique label for it.
Best Regards,
Jarno
------------------------------
Jarno Hänninen
------------------------------