Concur
When using RACF with AT-TLS, the TLS engine (System SSL) walks the trust
chain of certificates starting from the presented personal certificate
(e.g., FinAppCertUAT) up to a trusted root. If any part of the chain is:
* Not present
* Not marked as CERTAUTH
* Or not connected appropriately to the keyring
then the handshake will fail, often with RC=7, which means:
“No certificates available”
Source: IBM z/OS 2.5 System SSL RC Guide – RC
<https://www.ibm.com/docs/en/zos/2.5.0?topic=sfrc-1#idg27338>
https://www.ibm.com/docs/en/zos/2.5.0?topic=sfrc-1#idg27338
On 8/27/25 07:20, John S. Giltner, Jr. wrote:
If JPMorganCertUAT signed FinAppCertUAT, I think that JPMorganCertUAT
needs to be defined as CERTAUTH.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
