> On Nov 6, 2017, at 7:55 PM, Charles Mills <charl...@mcn.org> wrote: > > Got it! The only password encryption algorithm (PBE) supported for FIPS mode > is pbeWithSha1And3DesCbc. > > In OpenSSL PCKS12, I needed to add -certpbe PBE-SHA1-3DES > > Sheesh! Would a more specific error message kill them? > > Charles
Charles: May I make an observation, please? Somewhere around the 1992-95 time frame, IBM went south as to documenting information that was critical, *I THINK* it was around the time that the UNIX people came in. Messages that were easy to understand became pretty well gibberish with TCP, especially when it came time for TCP and the UNIX. The TCP people would put out a message and in the message was a rc. The RC never seemed to be documented in the message and as a result would require a call to the support line for help adding sometimes days (sometimes minutes though) to get an answer. OK then once you have that, sometimes that didn’t help as you had no idea what they were referencing, which started a new call to the support center. Problem determination seemed to take forever. If you were lucky the guy on the other end actually had an idea what the problem was and would give you a nudge, then there was the call back from level 2/3 and they (to me anyway) were talking about items that I did not have a clue on. Sometimes you were really unlucky and got two rc’s and then that was an automatic call. I don’t know if any one else noticed that the TCP messages did not follow IBM standards which indicate e,s,i etc at the end to indicate severity and that the length of the messaged changed.. Then you pick up the TCP book on error messages and for a lot of them. The message was just reworded and echo’s back at you. I just hated TCP issues as they were like talking to a wall and add to the fact that they seem to be talking a different language than IBM used to talk and you were used to did not help out a bit. Also, it seemed that none of the RC’s were documented. After the initial brush with TCP I refused to go near it again. The damn TCP error message book was like a wooden stick to my heart. I tried to palm off any tcp issues to someone else as I got frustrated to the point of asking the boss to hire someone that was an expert as I never wanted to see another TCP message again. Ed ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN