Mark, What did you put in SYSTEM DTCPARMS or node DTCPARMS for your SSL server? If you want to change anything for :nick.ssl in IBM DTCPARMS, you have to copy the whole section for that nickname to your local file. For example, I wanted to add a session limit and exempt low-strength encryption algorithms. The first thing I tried was just putting the following in node DTCPARMS: :nick.ssl :type.class :name.SSL daemon :command.VMSSL :diskwarn.YES :parms.MAXSESSIONS 30 EXEMPT LOW This was similar to my z/VM 5.3.0 file. I then got a message about Admin_ID_list not being found, so I added that. When I tried again, I got the same message you got. I guessed that I needed to copy the entire :nick.ssl section from IBM DTCPARMS to my local file, and change the parts I wanted to change. That worked. I currently have: :nick.ssl :type.class :name.SSL daemon :command.VMSSL :runtime.C :diskwarn.YES :Admin_ID_list.TCPMAINT GSKADMIN SYSPROG1 SYSPROG2 :memory.256M :mixedcaseparms.YES :mount. /../VMBFS:VMSYS:ROOT/ / , /../VMBFS:VMSYS:SSLSERV/ /tmp , /../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
:parms.KEYFile /etc/gskadm/Database.kdb MAXSESSIONS 30 EXEMPT LOW Your error message is because SSLSERV is not seeing a :mount. tag, so it doesn't know where to find /etc/gskadm/Database.kdb. Dennis O'Brien 39,516 ________________________________ From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Wiggins, Mark Sent: Monday, March 16, 2009 13:38 To: IBMVM@LISTSERV.UARK.EDU Subject: [IBMVM] New CMS based SSLSERV problem... DTCSSL300E I'll start by saying that I have already found, read and preformed all tasks on http://www.vm.ibm.com/related/tcpip/tcsslini.html to no avail. I'm trying to setup the new CMS based SSLSERV for z/VM 540 RSU 0802, but I keep getting the exact error mentioned in the link above. DTCRUN1011I Server started at 16:02:41 on 16 Mar 2009 (Monday) DTCRUN1011I Running server command: VMSSL DTCRUN1011I Parameters in use: DTCRUN1011I MAXSESSIONS 20 KEYFILE /etc/gskadm/Database.kdb DTCSSL2423I Using server module: SSLSERV MODULE E2 - 2/26/09 16:28:52 DTCSSL002I SSLSERV main() - PROGMAP: Name Entry Origin Bytes Attributes SSLSERV 0FD63288 0FD63288 00041D73 Amode 31 Reloc DTCSSL002I DEBUG settings: Debug: 0 DTCSSL002I main() started... DTCSSL015I Server initialization in progress (z/VM level 540 - PK65850) DTCSSL100I This software incorporates the RSA algorithm DTCSSL132I Server ID: SSLSERV DMSLIO201W The following names are undefined: EDCUCSNM DMSLIO201W The following names are undefined: EDCUCSNM DTCSSL300E gsk_open_database_using_stash_file() failed; rc: 0x3353009 reason: File or keyring not found DTCSSL127E Server shutdown has commenced DTCSSL128E Server shutdown is complete DTCRUN1015I Server ended with RC=1 at 16:02:42 on 16 Mar 2009 (Monday) DTCRUN1019I Server will not be logged off because you are connected If I issue 'openvm list /etc/gskadm (own' on GSKADMIN account I get the following openvm listfile /etc/gskadm (own Directory = '/etc/gskadm' User ID Group Name Permissions Type Path name component gskadmin security rw- r-- --- F 'Database.kdb' gskadmin security rw- --- --- F 'Database.rdb' gskadmin security rw- r-- --- F 'Database.sth' The SSLSERV directory statement also has POSIXINFO UID 7 GNAME security So, what else can I try??? Mark Wiggins University of Connecticut 860-486-2792