I've run into similar error when PKCS #12 file did not have a subject distinguished name. You can check the name value using
openssl pkcs12 -in cert.p12 -nokeys -clcerts | openssl x509 -noout -subject | sed 's/subject= //' On Fri, Dec 30, 2022 at 10:01 AM Ed Jaffe <edja...@phoenixsoftware.com> wrote: > TCPIP/TLS Cert Mavens, > > We have FTPS via AT-TLS working great from z/OS FTP clients to IBM > secure FTP servers and to our secure public FTP server outside the > firewall. > > We have a wildcard certificate for our servers inside the firewall, but > have so far been unable to establish working FTPS connections from z/OS > FTP clients to the server. The cert is on both the client's keyring and > the server's keyring -- as are the two other CERTAUTH certs in the chain. > > A return code '6' is 'Keylabel Not Found' but doesn't mention which > label it is looking for. How do we trace/discover that? > > Also what do the three long numbers after "Initial handshake" mean? We > can't find that documented. > > Apologies for posting system log format. I suspect many of you log your > syslogd messages elsewhere... > > IEF403I FTPSDIRL - STARTED - TIME=14.16.07 > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 247 > EZD1281I TTLS Map CONNID: 00021556 LOCAL: 192.168.10.193..38789 > REMOTE: 192.168.10.193..21 JOBNAME: FTPSDIRL USERID: EDJXADM TYPE: > OutBound STATUS: Appl Control RULE: PSI_FTP-Client~1 ACTIONS: gAct1 > eAct1~FTP_Clients cAct1~FTP_Clients .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 248 > EZD1281I TTLS Map CONNID: 00021557 LOCAL: ::FFFF:192.168.10.193..2 > 1 REMOTE: ::FFFF:192.168.10.193..38789 JOBNAME: FTPD1 USERID: TCPIP > TYPE: InBound STATUS: Appl Control RULE: PSI_FTP-Server~2 ACTIONS: > gAct1 eAct2~FTP_Server cAct2~FTP_Server .. > EZD1287I TTLS Error RC: 6 Initial Handshake 249 > LOCAL: ::FFFF:192.168.10.193..21 > REMOTE: ::FFFF:192.168.10.193..38789 > JOBNAME: FTPD1 RULE: PSI_FTP-Server~2 > USERID: TCPIP GRPID: 0000000A ENVID: 00000010 CONNID: 00021557 > EZD1287I TTLS Error RC: 438 Initial Handshake 250 > LOCAL: 192.168.10.193..38789 > REMOTE: 192.168.10.193..21 > JOBNAME: FTPSDIRL RULE: PSI_FTP-Client~1 > USERID: EDJXADM GRPID: 0000000A ENVID: 0000000F CONNID: 00021556 > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 251 > EZD1283I TTLS Event GRPID: 0000000A ENVID: 00000010 CONNID: > 00021557 RC: 6 Initial Handshake 0000000000000000 0000005279A22390 > 0000000000000000 .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 252 > EZD1286I TTLS Error GRPID: 0000000A ENVID: 00000010 CONNID: > 00021557 LOCAL: ::FFFF:192.168.10.193..21 REMOTE: ::FFFF:192.168.10.19 > 3..38789 JOBNAME: FTPD1 USERID: TCPIP RULE: PSI_FTP-Server~2 RC: > 6 Initial Handshake 0000000000000000 0000005279A22390 0000000000000000 > .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 253 > EZD1286I TTLS Error GRPID: 0000000A ENVID: 00000010 CONNID: > 00021557 LOCAL: ::FFFF:192.168.10.193..21 REMOTE: ::FFFF:192.168.10.19 > 3..38789 JOBNAME: FTPD1 USERID: TCPIP RULE: PSI_FTP-Server~2 RC: > 6 Initial Handshake 0000000000000000 0000005279A22390 0000000000000000 > .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 254 > EZD1283I TTLS Event GRPID: 0000000A ENVID: 0000000F CONNID: > 00021556 RC: 438 Initial Handshake 0000000000000000 0000005279A22F90 > 0000000000000000 .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 255 > EZD1286I TTLS Error GRPID: 0000000A ENVID: 0000000F CONNID: > 00021556 LOCAL: 192.168.10.193..38789 REMOTE: 192.168.10.193..21 > JOBNAME: FTPSDIRL USERID: EDJXADM RULE: PSI_FTP-Client~1 RC: 438 > Initial Handshake 0000000000000000 0000005279A22F90 0000000000000000 > .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 TTLS[33751922]: 14:16:07 TCPIP 256 > EZD1286I TTLS Error GRPID: 0000000A ENVID: 0000000F CONNID: > 00021556 LOCAL: 192.168.10.193..38789 REMOTE: 192.168.10.193..21 > JOBNAME: FTPSDIRL USERID: EDJXADM RULE: PSI_FTP-Client~1 RC: 438 > Initial Handshake 0000000000000000 0000005279A22F90 0000000000000000 > .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 ftps[197497]: EZYFT96I TLS 257 > handshake failed .. > BPXF024I (OMVS) Dec 29 14:16:07 mvs60 ftps[197497]: EZYFT96I TLS 258 > handshake failed .. > > Thanks, > > -- > Phoenix Software International > Edward E. Jaffe > 831 Parkview Drive North > El Segundo, CA 90245 > https://www.phoenixsoftware.com/ > > > > -------------------------------------------------------------------------------- > This e-mail message, including any attachments, appended messages and the > information contained therein, is for the sole use of the intended > recipient(s). If you are not an intended recipient or have otherwise > received this email message in error, any use, dissemination, distribution, > review, storage or copying of this e-mail message and the information > contained therein is strictly prohibited. If you are not an intended > recipient, please contact the sender by reply e-mail and destroy all copies > of this email message and do not otherwise utilize or retain this email > message or any or all of the information contained therein. Although this > email message and any attachments or appended messages are believed to be > free of any virus or other defect that might affect any computer system > into > which it is received and opened, it is the responsibility of the recipient > to ensure that it is virus free and no responsibility is accepted by the > sender for any loss or damage arising in any way from its opening or use. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
