z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


440

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

440
Incorrect key usage.

Explanation

The key usage certificate extension does not permit the requested key operation. This error can occur if the key usage extension of a client or server certificate (if any) does not allow the appropriate key usage.
  • RSA server certificates using 40-bit export ciphers with a public key size greater than 512 bits must allow digital signature.
  • RSA or DSA server certificates using fixed Diffie-Hellman key exchange must allow key agreement.
  • Other RSA server certificates must allow key encipherment.
  • DSA server certificates using ephemeral Diffie-Hellman key exchange must allow digital signature.
  • Client certificates using fixed Diffie-Hellman key exchange must allow key agreement.
  • ECC client and server certificates using fixed EC Diffie-Hellman (ECDH) key exchange must allow key agreement.
  • Otherwise, client certificates must allow digital signature.

User response

Specify a certificate with the appropriate key usage.

If the gskkyman utility was used to create either the client (user) or server end-entity certificate, ensure that the appropriate option was selected from the Certificate Usage menu to create a client (user) or server certificate. The Certificate Usage menu consists of options for creating certificate authority and client (user) / server end-entity certificates.

Parent topic: SSL function return codes

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014