Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IKYC086I z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
IKYC086I Requests for CA certificates are prohibited by path length
constraint. ExplanationThe CA certificate in use has a path length constraint
value of zero, which prohibits the creation of subordinate or intermediate
CA certificates when the EnablePathLenContraint keyword
is set to T in the pkiserv.conf file.
Because the certificate request includes Certificate Authority key
usage bits (keyCertSign or cRLSign,
or both), it is considered to be a request for a CA certificate.
System actionThe certificate request fails.
System programmer responseIf this configuration was intended, restrict
the requestor from requesting the keyCertSign key
usage. For example, remove the keyusage list
from the PKI Services web page. If this configuration was not intended,
perform one of the following actions and restart PKI Services:
|
Copyright IBM Corporation 1990, 2014
|