It seems that the installation of the OS/400 Cryptographic Access Provider licensed program products at times have a problem. Carsten has run up against this problem, and I experienced the same problem when configuring a system for Kerberos (Network Authentication Service) for Single Sign-on.
It appears that under some circumstances, a recovery situation arises where the Display Software Resources (DSPSFWRSC) command verifies the Cryptographic Access Provider licensed program as being installed, yet the product had to be reinstalled because the _CIPHER MI instruction claimed that the algorithm needed was not supported. We have not yet seen a PTF to fix this problem.
For this issue, Carsten has provided a utility to let you easily check what cryptographic support is available on your machine. Depending on the presence — and version — of the Cryptographic Access Provider licensed program product, a variety of cryptographic algorithms and cipher key lengths are supported.