Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
468 z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
468 Certificate key algorithm not in signature algorithm pairs
list. ExplanationThe certificate key algorithm of the local certificate cannot be used to generate digital signatures as it is not included in the signature algorithm pairs list. The server certificate must use a key algorithm included in the signature algorithm pairs list that is presented by the client during the TLS handshake. The client certificate must use a key algorithm included in the signature algorithm pairs list that is presented by the server during the TLS handshake. User responseEnsure that the key algorithm of the certificate is present in the signature algorithm pairs list that is presented by the session partner. If the certificate is correct, then configure the client or server or both to specify all necessary signature algorithm pairs in the environment variable GSK_TLS_SIG_ALG_PAIRS that allows the use of the certificate's key for generating digital signatures. See Table 6 for a list of valid 4-character signature algorithm pair definitions. |
Copyright IBM Corporation 1990, 2014
|