java.io.IOException: private key of certificate not available or no authority to access
search cancel

java.io.IOException: private key of certificate not available or no authority to access

book

Article ID: 138281

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC Top Secret

Issue/Introduction

Inserted a new Server certificate in P7B/PKCS#7 Format and when starting the tomcat server the following error is received:

 Caused by: java.lang.IllegalArgumentException: The private key of TOMCATPR.MVSTECH is not available or no authority to access the private key

Caused by: java.io.IOException: The private key of TOMCATPR.MVSTECH is not available or no authority to access the private key
.at com.ibm.crypto.provider.RACFInputStream.getEntry(Unknown Source)  

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

The errors can occur if the new server certificate does not have a private key.

If a certificate has a private key the CHKCERT display would include:

Private Key Type: 
    RSA 
Private key bit size: 
    xxxx 

And the CERTDATA record would include KEYSIZE(xxxx), for example:

CERTDATA / LDAPR151.CERT LAST CHANGED BY USER010 ON 08/06/19-14:33 
                     ISSUERDN(CN=BroadcomLocalCA.OU=Security Department.O=Broa
                    dcom.C=US) KEYSIZE(2,048) LABEL(MyServer) SERIAL#(02) 
                     SUBJDN(CN=MyServer.OU=MyCo.C=US) TRUST               

A P7B/PKCS#7 Format file/certificate does not contain a private key. A new server certificate would need to be obtained from a PFX/P12/PKCS#12 Format  file/certificate which would include the certificates and the private key.

Powered by Wolken Software