Mark,
What did you put in SYSTEM DTCPARMS or node DTCPARMS for your SSL
server? If you want to change anything for :nick.ssl in IBM DTCPARMS,
you have to copy the whole section for that nickname to your local file.
For example, I wanted to add a session limit and exempt low-strength
encryption algorithms. The first thing I tried was just putting the
following in node DTCPARMS:
:nick.ssl :type.class
:name.SSL daemon
:command.VMSSL
:diskwarn.YES
:parms.MAXSESSIONS 30
EXEMPT LOW
This was similar to my z/VM 5.3.0 file. I then got a message about
Admin_ID_list not being found, so I added that. When I tried again, I
got the same message you got. I guessed that I needed to copy the
entire :nick.ssl section from IBM DTCPARMS to my local file, and change
the parts I wanted to change. That worked. I currently have:
:nick.ssl :type.class
:name.SSL daemon
:command.VMSSL
:runtime.C
:diskwarn.YES
:Admin_ID_list.TCPMAINT GSKADMIN SYSPROG1 SYSPROG2
:memory.256M
:mixedcaseparms.YES
:mount. /../VMBFS:VMSYS:ROOT/ / ,
/../VMBFS:VMSYS:SSLSERV/ /tmp ,
/../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
:parms.KEYFile /etc/gskadm/Database.kdb
MAXSESSIONS 30
EXEMPT LOW
Your error message is because SSLSERV is not seeing a :mount. tag, so it
doesn't know where to find /etc/gskadm/Database.kdb.
Dennis O'Brien
39,516
________________________________
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Wiggins, Mark
Sent: Monday, March 16, 2009 13:38
To: IBMVM@LISTSERV.UARK.EDU
Subject: [IBMVM] New CMS based SSLSERV problem... DTCSSL300E
I'll start by saying that I have already found, read and preformed all
tasks on http://www.vm.ibm.com/related/tcpip/tcsslini.html to no avail.
I'm trying to setup the new CMS based SSLSERV for z/VM 540 RSU 0802, but
I keep getting the exact error mentioned in the link above.
DTCRUN1011I Server started at 16:02:41 on 16 Mar 2009 (Monday)
DTCRUN1011I Running server command: VMSSL
DTCRUN1011I Parameters in use:
DTCRUN1011I MAXSESSIONS 20 KEYFILE /etc/gskadm/Database.kdb
DTCSSL2423I Using server module: SSLSERV MODULE E2 - 2/26/09 16:28:52
DTCSSL002I SSLSERV main() - PROGMAP:
Name Entry Origin Bytes Attributes
SSLSERV 0FD63288 0FD63288 00041D73 Amode 31 Reloc
DTCSSL002I DEBUG settings: Debug: 0
DTCSSL002I main() started...
DTCSSL015I Server initialization in progress (z/VM level 540 - PK65850)
DTCSSL100I This software incorporates the RSA algorithm
DTCSSL132I Server ID: SSLSERV
DMSLIO201W The following names are undefined:
EDCUCSNM
DMSLIO201W The following names are undefined:
EDCUCSNM
DTCSSL300E gsk_open_database_using_stash_file() failed; rc: 0x3353009
reason: File or keyring not found
DTCSSL127E Server shutdown has commenced
DTCSSL128E Server shutdown is complete
DTCRUN1015I Server ended with RC=1 at 16:02:42 on 16 Mar 2009 (Monday)
DTCRUN1019I Server will not be logged off because you are connected
If I issue 'openvm list /etc/gskadm (own' on GSKADMIN account I get the
following
openvm listfile /etc/gskadm (own
Directory = '/etc/gskadm'
User ID Group Name Permissions Type Path name component
gskadmin security rw- r-- --- F 'Database.kdb'
gskadmin security rw- --- --- F 'Database.rdb'
gskadmin security rw- r-- --- F 'Database.sth'
The SSLSERV directory statement also has
POSIXINFO UID 7 GNAME security
So, what else can I try???
Mark Wiggins
University of Connecticut
860-486-2792
