When attempting to import a PKCS12 certificate into either a GSKit 5 or 7 keystore that uses IBM® v1.4.2 SDK or later. One of the following messages may be displayed:
GSK 5: "An error occurred while importing the selected keys"
GSK 7: "The specified database has been corrupted"
The IBM v1.4.2 SDK or v1.5 (5.0) SDK ships with a set of restricted security policy files that might not be able to handle PKCS12 files created with strong encryption.
- Go to IBM HTTP Server Java directory (default is /java/jre/bin) and run java -fullversion to determine which Java version the IBM HTTP Server is using.
- Go to: http://www.ibm.com/developerworks/java/jdk/security/50/
- Click the IBM SDK Policy files link and download the appropriate Unrestricted Policy files for your 1.4.2 or 1.5 SDK.
- Close iKeyman.
- Back up the local_policy.jar and US_export_policy.jar files located in: Java_home/lib/security
- Place the new files, previously downloaded, into: Java_home/lib/security
- Note: Java_home location of GSK5 or GSK7 are set in the ikeyman.bat (or ikeyman.sh) file located in IBM_HTTP_Server/bin directory.
- Restart iKeyman.
- Try importing the .p12 file into the key database.
**Details regarding downloads of unlimited jurisdiction policy files for the Solaris and HP platforms can be found in the IBM Security Guide for those platforms. It is recommended to always use the latest policy files from IBM.