friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0332907f0f
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahu_5.4.0.1/rzahurzahu6adtroublepasswords.htm

143 lines
9.5 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Troubleshoot passwords and general problems" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu666dcmtroubleshooting.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu6ad-troublepasswords" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Troubleshoot passwords and general problems</title>
</head>
<body id="rzahu6ad-troublepasswords"><a name="rzahu6ad-troublepasswords"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Troubleshoot passwords and general problems</h1>
<div><div class="section"><p>Use the following table to find information to help you troubleshoot
some of the more common password and other general problems that you may encounter
while working with Digital Certificate Manager (DCM).</p>
</div>
<div class="section"><div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="47.474747474747474%" id="d0e22"><span class="uicontrol">Problem</span></th>
<th valign="top" width="52.52525252525253%" id="d0e25"><span class="uicontrol">Possible Solution</span></th>
</tr>
</thead>
<tbody><tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You cannot find additional help for DCM.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">In DCM, click the "<span class="uicontrol">?</span>" help icon.
You can also search the Information Center and external IBM<sup>®</sup> web sites
on the Internet.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">Your password for the Local Certificate Authority (CA)
and *SYSTEM certificate stores do not work.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Passwords are case sensitive. Be sure the caps lock
is the same as it was when you assigned the password.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You receive an error message that your password has
expired when you attempt to open a certificate store.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">You must change the password for the certificate store.
Click the <span class="uicontrol">OK</span> button to change the password. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">Your attempt to reset the password when you used the <span class="uicontrol">Select
a Certificate Store</span> task failed.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">The reset function works only if DCM has stored the
password. DCM stores the password automatically when you create a certificate
store. However, if you change (or reset) the password for an Other System
Certificate Store, then you must select the <span class="uicontrol">Automatic login</span> option
so that DCM continues to stash the password. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">&nbsp;</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Also, if you move a certificate store from one system
to another, you must change the password for the certificate store on the
new system to ensure that DCM stashes it automatically. To change the password,
you must supply the original password for the certificate store when you open
it on the new system. You cannot use the reset password option until you have
opened the store with the original password and changed the password to stash
it. If the password is not changed and stashed, DCM and SSL cannot automatically
recover the password when it is needed for various functions. If you are moving
a certificate store that you will use as an Other System Certificate Store,
you must select the <span class="uicontrol">Automatic login</span> option when you
change the password to ensure that DCM stashes the new password for this type
of certificate store. </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">&nbsp;</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Check the value assigned to the <span class="uicontrol">Allow new
digital certificates</span> attribute under the <span class="uicontrol">Work with
system security</span> option of the System Service Tools (SST). If this
attribute is set to a value of 2 (No), then the certificate store password
cannot be reset. You can view or change the value for this attribute by using
the STRSST command and entering the Service Tools user ID and password. Then
choose the <span class="uicontrol">Work with system security</span> option. The Service
Tools user ID is probably the QSECOFR user ID.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You cannot find a source for a CA certificate to receive
it into your system.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Some CAs do not make their CA certificate readily available.
If you cannot get the CA certificate from the CA, then contact your VAR since
your VAR may have made special or monetary arrangements with the CA.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You cannot find the *SYSTEM certificate store.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">The file location of the *SYSTEM certificate must be <samp class="codeph">/qibm/userdata/icss/cert/server/default.kdb</samp>.
If that certificate store does not exist you need to use DCM to create the
certificate store. Use the <span class="uicontrol">Create New Certificate Store</span> task.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You received an error from DCM, and the error continues
to appear after you have fixed it.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Clear your browser cache. Set the cache size to 0, and
end and restart the browser.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You have a Directory Server (LDAP) problem such as certificate
assignments not being shown when the information about the secure application
is displayed immediately after assigning a certificate. This problem occurs
more often when using <span class="keyword">iSeries™ Navigator</span>
to get to a Netscape Communications browser. Your preference for the browser
cache is set to compare the document in cache to the document on the network <span class="uicontrol">Once
per session</span>.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">Change your default preference to check the caching
every time.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">When you use DCM to import a certificate signed by an
external CA such as Entrust, you receive an error message that the validity
period does not contain today or does not fall within its issuer's validity
period.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">The system is using Generalized Time format for the
validity period. Wait a day and try again. Also, verify that your system has
the correct value for UTC offset (<samp class="codeph">dspsysval qutcoffset</samp>).
If you observe Daylight Savings Time, your offset might be incorrectly set.</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e22 ">You received a base 64 error when trying to import an
Entrust certificate.</td>
<td valign="top" width="52.52525252525253%" headers="d0e25 ">The certificate is listed as being a specific format
such as PEM format. If the copy function of your browser does not work well
you may copy extra material that does not belong with the certificate, such
as blank spaces at the front of each line. If this is the case, then the certificate
will not be the right format when you try to use it on the system. Some Web
page designs cause this problem. Other Web pages are designed to avoid this
problem. Be sure to compare the appearance of the original certificate to
the results of the paste, since the pasted information must look the same.</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu666dcmtroubleshooting.htm" title="Review this information to learn how to resolve some of the more common errors that you may experience when using DCM.">Troubleshoot DCM</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink