z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


-55

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

-55
Incorrect key usage.

Explanation

The key usage certificate extension does not permit the requested key operation. This error can occur if the key usage extension of a client or server certificate (if any) does not allow the appropriate key usage.
  • RSA server certificates using 40-bit export ciphers with a public key size greater than 512 bits must allow digital signature.
  • RSA or DSA server certificates using fixed Diffie-Hellman key exchange must allow key agreement.
  • Other RSA server certificates must allow key encipherment.
  • DSA server certificates using ephemeral Diffie-Hellman key exchange must allow digital signature.
  • Client certificates using Diffie-Hellman key exchange must allow key agreement.
  • Otherwise client certificates must allow digital signature.

User response

Specify a certificate with the appropriate key usage.

If the gskkyman utility was used to create either the client or server end-entity certificate, ensure that the appropriate option was selected from the Certificate Usage menu to create a user or server certificate.

Parent topic: Deprecated SSL function return codes

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014