Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IKYP043I z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
IKYP043I PKI Services CA certificate cannot be a Diffie-Hellman certificate. ExplanationAn elliptic curve cryptography (ECC) certificate with only the keyAgreement keyUsage bit set, or with the keyAgreement bit set with either encipherOnly or decipherOnly set, is an ECC Diffie-Hellman certificate. Its intended usage is for key exchange, not for signing. Therefore, a CA certificate cannot be of this type. System actionPKI Services stops. System programmer responseMake sure that the key ring specified in the SAF section of the PKI Services configuration file (pkiserv.conf) contains a CA certificate that is not an ECC Diffie-Hellman certificate. |
Copyright IBM Corporation 1990, 2014
|