EZD1037I

Explanation
 The IKE message cannot be processed because no
matching certificate entry was  found. This error occurred while searching
for a certificate that matched the  LocalSecurityEndpoint ID and was
signed by the CA that was requested by the  remote security endpoint.

 Additional diagnostic messages that have the same message
instance number will be issued to identify the impacted Security Association
(SA). The message instance number precedes the message number in the
log output and is used to group related messages from the IKE daemon.
 id_string is
a string representation of the LocalSecurityEndpoint ID. 
 X.500_string is
the certificate authority.

System action
 The SA negotiation failed; IKE daemon processing
continues.

Operator response
 Verify that the Local Security Endpoint Identity
is correct. If it is correct, obtain a certificate with the expected
ID of the local IKE server. When the certificate is obtained, add
it to the IKE key ring with RACDCERT.
 When configured without
the IBM® Configuration Assistant
for z/OS® Communications Server,
the Local Security Endpoint is set on the LocalSecurityEndpoint statement.
See the information about the Policy Agent and
policy applications in z/OS Communications Server: IP Configuration
Reference for more  information about the  LocalSecurityEndpoint
statement.
 When configured with the IBM Configuration Assistant for z/OS Communications Server, edit the corresponding
Connectivity Rule in the GUI and verify that the Local Security Endpoint
Identify is correct.  See the online helps in the GUI for additional
information.

System programmer response
 None.

Module
 pki390.cpp

Procedure name
  None.