Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IKYC049I z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
IKYC049I SCEP signing certificate is {expired | revoked | not known
to PKI Services} ExplanationPKI Services is processing a Simple Certificate Enrollment Protocol (SCEP) request from a SCEP client. The request for a PKI operation contains a signing certificate that is expired, revoked, or unknown to PKI Services. The signing certificate cannot be used to authenticate the SCEP client. System actionPKI Services rejects the SCEP request. System programmer responseDetermine if the SCEP client should request certificates from PKI Services. If so, correct the SCEP client to use a valid signing certificate previously issued by PKI Services. If none exists, reconfigure the SCEP client to remove any existing certificates and start the certificate request from the beginning using a new key-pair and a new self-signed certificate. Report the error to the support center for the provider of your SCEP client. For more information, see Enabling Simple Certificate Enrollment Protocol (SCEP). |
Copyright IBM Corporation 1990, 2014
|