|Applies To||RSA BSAFE Cert-J 2.0.1|
|Issue||How to create a PKCS #12 that has default attributes set consistent with RSA BSAFE Cert-J's expectation|
When importing a PKCS #12 message created by Cert-J, the private key is not found or loaded into the database.
Using the following constructor for the PKCS #12 message:
The caller sets certAttrs and keyAttrs to null.
|Cause||If the attributes are not set correctly, Cert-J cannot "link" the certificate with the private key. As a result, when the reader of the PKCS #12 message tries to find the private key that pertains to a given certificate, it cannot obtain that key.|
|Resolution||There is a bug fix that sets the localKeyId and friendlyName attributes if the attributes passed in are null. You can obtain this patch for Cert-J 2.0.1 through SecureCare Online or through developer support.|
To obtain the patch from SecureCare Online, go to the following link: https://knowledge.rsasecurity.com/docs/utilities/pkcs12fix.zip
Another work-around is to set the localKeyId attribute for both the certificate and the private key. (The localKeyId attribute must match for both of these fields.)
An alternative solution is to use one of the other constructors for PKCS #12. If you use these constructors, the localKeyId and friendlyName attributes are set for you. If you put the private keys, CRLs, and certificates in a pathCtx, you can use the following constructor:
PKCS12 (CertJ certJ,
See the Cert-J javadoc for more information.
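To confirm whether a given PKCS #12 file has the problem described under Cause, the following added example (not Cert-J code and not part of the original article) reports private-key bags whose localKeyId is missing or matches no certificate. It assumes the file has been dumped as text with `openssl pkcs12 -info`; the sample dumps and the function names are constructed for illustration.

```python
import re

BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed `openssl pkcs12 -info` output; PEM bodies replaced by "...".
CERT = "subject=CN = demo\n-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"
KEY = "Key Attributes: <No Attributes>\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
WITH_ID = "Bag Attributes\n    localKeyID: 5A 1F 00 C3 \n    friendlyName: demo\n"
NO_ATTRS = "Bag Attributes: <No Attributes>\n"

SAMPLE_LINKED = WITH_ID + CERT + WITH_ID + KEY      # attributes set on both bags
SAMPLE_UNLINKED = NO_ATTRS + CERT + NO_ATTRS + KEY  # certAttrs/keyAttrs were null


def parse_bags(text):
    """Return [(kind, localKeyID or None)] for each cert/key bag in the dump."""
    bags, key_id = [], None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Bag Attributes"):
            key_id = None  # a new bag starts; forget the previous bag's id
        elif s.startswith("localKeyID:"):
            key_id = s.split(":", 1)[1].replace(" ", "").upper()
        elif m := BEGIN.match(s):
            label = m.group(1)
            if label == "CERTIFICATE":
                bags.append(("cert", key_id))
            elif label.endswith("PRIVATE KEY"):  # also ENCRYPTED / RSA variants
                bags.append(("key", key_id))
            key_id = None
    return bags


def unlinked_keys(text):
    """Indexes of key bags whose localKeyID is missing or matches no certificate.

    Certificates without a key (CA chain entries) are normal and not reported.
    """
    bags = parse_bags(text)
    cert_ids = {kid for kind, kid in bags if kind == "cert" and kid}
    return [i for i, (kind, kid) in enumerate(bags) if kind == "key" and kid not in cert_ids]


if __name__ == "__main__":
    for name, dump in (("linked", SAMPLE_LINKED), ("unlinked", SAMPLE_UNLINKED)):
        print(name, parse_bags(dump), "unlinked key bags:", unlinked_keys(dump))
```

An empty result means every private key can be paired with a certificate by localKeyId; any index returned identifies a key bag that a reader relying on that attribute will fail to locate.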
|Legacy Article ID||a6684|