SSL Certificate Expiration When Using ATF

Technote (troubleshooting)


Problem(Abstract)

An application that uses Secure Sockets Layer (SSL) communication is being tested with a virtual time defined in the ATF Virtual Clock Data set (VCD). However all attempts to establish an SSL session fail.

Symptom

The exact message issued will vary by application. Typically, it will show that the call to gsk_secure_socket_init() set the return code to 401 (GSK_ERR_BAD_DATE).


Cause

The System SSL functions run in the application's address space. When the Language Environment runtime modules being used for that application are the version updated by the ATF ZAPs (as described in the ATF for z/OS Installation and Customization manual), these functions will use the ATF virtual time for validity checking of all certificates used for a connection. If the virtual time is outside of the start to end range for a certificate, the SSL negotiation will fail.

Resolving the problem

If practical, renew the affected certificate(s) with a date range sufficient to cover the virtual time being used. Otherwise use a copy of the LE runtime modules that have all of the ATF hooks provided in the appropriate ZAP member applied except for those referencing the @@TODMVS CSECT.



    .
    .
    .
    REP  000000   0A??
    IDRDATA  CIKLE1xZ
    *
    NAME CEEEV003 @@TODMVS[
    VER  000000   B2051020
    REP  000000   0A??
    IDRDATA  CIKLE1xZ</strike>]
    *
    NAME CEEEV003 EDCTZNMV
    .
    .
    .
    REP  000000   0A??
    IDRDATA  CIKLE1xZ
    *
    NAME CELHV003 @@TODMVS
    VER  000000   B2051020
    REP  000000   0A??
    IDRDATA  CIKLE1xZ
    *
    NAME CELHV003 EDCTZNMV
    .
    .
    .
Note: Removing these hooks will cause time references from any application function that is compiled with the DLL option to get real time instead of virtual time.

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Application Time Facility for z/OS
Application Time Facilty

Software version:

2.8.6, 2.8.7

Operating system(s):

zSeries

Reference #:

1460351

Modified date:

2011-01-24

Translate my page

Machine Translation

Content navigation