Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IKYP001E z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
IKYP001E ICSF UNAVAILABLE. CERTIFICATE PROCESSING SUSPENDED ExplanationPKI Services background
certificate processing is attempting to create a digital signature.
ICSF manages the private key required for digital signing but it is
not available for any of the following possible reasons:
After the ICSF problem has been corrected, PKI Services must be stopped and restarted. System actionPKI Services background certificate processing is suspended. No certificates or CRLs are issued until the problem is corrected and PKI Services is stopped and restarted. However, certificate request management functions are still available through the R_PKIServ callable service and the PKI Services Web pages. System programmer responseEnsure that ICSF and the PCI cryptographic coprocessor (if applicable) are properly configured and operational. Follow the documentation for any issued message with the CSF prefix. If ICH408I messages are issued for insufficient authority to CSFKEYS or CSFSERV class resources, then the user ID of the PKI Services daemon has insufficient authority to use the key. Give the user ID the required access to the specified resource. To determine if the key you are using requires the PCI cryptographic coprocessor, see RACF administration for PKI Services. For more information, see Installing and configuring ICSF (optional), z/OS Cryptographic Services ICSF System Programmer's Guide, and z/OS Cryptographic Services ICSF Administrator's Guide. If you make changes to ICSF to correct the problem, stop and restart PKI Services. For more information, see (Optional) Steps for updating the configuration file. Routing code2 Descriptor code6 |
Copyright IBM Corporation 1990, 2014
|