IKYS014I Cannot find the {default | RA} certificate with private key associated in key ring
Explanation
PKI Services is attempting
to retrieve data from the SAF key ring specified by the KeyRing value in the SAF section of the pkiserv.conf file. The key ring specified does not appear to be set up properly.
The problem is related to either the CA (default) certificate or the
RA certificate, as indicated in the message. Possible problems are:
- The certificate is not connected to the ring.
- The certificate is incorrectly connected to the key ring. Both must have USAGE PERSONAL and the CA certificate must be the DEFAULT.
- The user ID assigned to the PKI Services daemon has insufficient authority to read the key ring or the private key.
System action
If the problem is with the default certificate, PKI Services stops. If the problem is with the RA certificate, PKI Services continues but the Simple Certificate Enrollment Protocol (SCEP) is disabled.
System programmer response
Ensure that the SAF key ring and the certificate stored in it are correct. For more information, see Locating your PKI Services certificates and key ring and z/OS Security Server RACF Security Administrator's Guide.