Hi folks, and a very belated Happy New Year to all of you for whom it’s relevant.
I’ve had SSL/TLS running on my telnet server for the best part of a year, and now I’m trying to enable SSL/TLS on my z/OS 1.7 FTP server - without much success. When I try to connect with a SSL-capable FTP client (from Windows) I just get a FTP response 534 TLS setup failed, and on the z/OS syslog I see msg EZYFT95I Server setup for TLS failed. When I put a trace on, I get msgFR2147 ftpAuth: TLS init failed with rc = 202 (Error detected while opening the key database) I have a keyring called FTPTLS (yeah, I know!), and a self-signed certificate in there marked as DEFAULT. I have a separate FTPDATA file for my FTP server than I do for FTP clients. It contains statements EXTENSIONS AUTH_TLS KEYRING FTPTLS CIPHERSUITE SSL_AES_128_SHA CIPHERSUITE SSL_3DES_SHA SECURE_FTP ALLOWED On web searches I’ve seen some people specify SAF keyrings on the KEYRING statement as userid/keyring, eg TCPIP/FTPTLS- I can’t find anything in my Comms Server docs that describes that format so I can’t understand where that came from or why it should work, but I tried it anyway – still without success. I need to get this working as we have customers that are beating up our sales guys for it now. I can't see what's wrong.. Does anyone have any step-by-step instructions on how to set this up? Cheers Brian ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
