Re: SSL with RACF self signed certificates

Wed, 03 Dec 2003 20:19:00 -0800 

SSL with RACF self signed certificatesHenry

It isnt going to help you much but RC=-99 is GSK_ERROR_UNKNOWN_ERROR -99

The current System Secure Sockets Layer Programming Guide is gskssl30.pdf

See Chapter 5. Reference Page 55 for the return codes

I have seen the error before but I can't remember what the solution was

You should check that the certificate was generated correctly - with the
right parameters

I suspect that the problem is with  the chin task user-id RACF permissions

Changes to the certificates in the key ring and to the key repository
attribute become effective when the channel initiator is started or
restarted.

Brian S. Crabtree
WBI Consultant
----- Original Message -----
From: Fogwill, Henry
To: [EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 8:09 PM
Subject: SSL with RACF self signed certificates


Hi all,
I am trying to test SSL authentication / encryption and having trouble
getting all the definitions correct. For now I will be happy if I can get
the channel initiator happy.
This is what I did:
1. Define keyring in RACF (QMGRRING)
2. Defined a certificate in RACF to allow RACF to act as a CA (RACDCERT
CERTAUTH CERTGEN)
3. Request a personnel certificate from RACF for my chin task user-id
(RACDCERT CERTGEN)
4. Connect the certificate to the keyring (RACDCERT CONNECT)
5. Tell the queue manager the keyring name
6. Use 8 for the tasks to attach for SSL
7. Refresh RACF keyring class
8. Stop/start queue manager
When I start the queue manager up the chininit will not attach these tasks
for SSL and gives me the following result for each task to attach:
CSQX625E +QMGR CSQXSRVS System SSL error, function 'gsk_initialize' RC=-99
This return code is suppose to be in documented in appendix D of the System
Secure Sockets Layer Programming Guide
 manual. This manual only goes to appendix C.
It then dumps with :
DUMP TITLE=QMGR,ABN= 5C6-00E70053,C=F1000.530.CHIN           ,L
           OC=*.CSQXSRVI+004C4
Any advice on what I am missing or doing wrong?
Thanks in advance for any information you can provide.
Henry Fogwill

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Reply via email to