z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


468

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

468
Certificate key algorithm not in signature algorithm pairs list.

Explanation

The certificate key algorithm of the local certificate cannot be used to generate digital signatures as it is not included in the signature algorithm pairs list. The server certificate must use a key algorithm included in the signature algorithm pairs list that is presented by the client during the TLS handshake. The client certificate must use a key algorithm included in the signature algorithm pairs list that is presented by the server during the TLS handshake.

User response

Ensure that the key algorithm of the certificate is present in the signature algorithm pairs list that is presented by the session partner. If the certificate is correct, then configure the client or server or both to specify all necessary signature algorithm pairs in the environment variable GSK_TLS_SIG_ALG_PAIRS that allows the use of the certificate's key for generating digital signatures. See Table 6 for a list of valid 4-character signature algorithm pair definitions.

Parent topic: SSL function return codes

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014