Marcy, Our z/VM 5.4 systems are at RSU 0902 plus all the COR service that was available on 19 June.
Dennis O'Brien "If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you; May your chains set lightly upon you, and may posterity forget that ye were our countrymen." -- Samuel Adams, 1 Aug 1776. -----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Marcy Cortes Sent: Tuesday, August 04, 2009 09:45 To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] SSL DTCSSL022E message on SSLSERV That's exactly how I did it too - our Cert Authority sounds similar; the root cert and the intermediate cert were sep files, which I did imported first with option 7. I did search IBMLink after seeing Thomas's reply; nothing found there either. Someone here in another WF entity has gotten it to work, so maybe it is VM levels. I followed his instructions. Marcy "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of O'Brien, Dennis L Sent: Tuesday, August 04, 2009 9:26 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] SSL DTCSSL022E message on SSLSERV Marcy, I used "4 - Create new certificate request" to generate a certificate request. I then submitted the request to our Certificate Authority. When the certificate was ready, I downloaded it to my PC in Base 64, uploaded it to GSKADMIN, copied it to BFS, then used "5 - Receive requested certificate or a renewal certificate" to add it to the database. The certificate had the necessary root certificates in the same file. I don't know how Wells handles certificate issuance, so this may not work for you. We have the option to download root certificates separately, but I didn't need to use it. Dennis O'Brien "If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you; May your chains set lightly upon you, and may posterity forget that ye were our countrymen." -- Samuel Adams, 1 Aug 1776. -----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Marcy Cortes Sent: Tuesday, August 04, 2009 08:29 To: IBMVM@LISTSERV.UARK.EDU Subject: [IBMVM] SSL DTCSSL022E message on SSLSERV SSLSERV gets this when I try to connect: DTCSSL022E Handshake failed: rc: 428 reason: Key entry does not contain a private key I used Option 5 to import it. The error code says this. (The codes are in the z/os manual so what they tell me to do is rather z/os'y) 428 Key entry does not contain a private key. Explanation: The key entry does not contain a private key or the private key is not usable. This error can also occur if the private key is stored in ICSF and ICSF services are not available or if the private key size is greater than the supported configuration limit. Certificates that are meant to represent a server or client must be connected to a SAF keyring with a USAGE value of PERSONAL and either be owned by the userid of the application or be SITE certificates. |This error can occur when using z/OS |PKCS #11 tokens if the userid of the application does not have appropriate |access to the CRYPTOZ class. User response: Ensure that the ICSF started task has been started prior to the application if the private key is stored in ICSF. |When |using z/OS PKCS #11 tokens, ensure the userid has appropriate access to the |CRYPTOZ class. Marcy "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation."