z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1044I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1044I
The ID ( id_X.500_string ) sent by the remote security endpoint in the ID payload does not match the subject name or any of the subject alternate names in the certificate used by the remote security endpoint to generate its signature

Explanation

The IKE negotiation will probably fail because the identities in the ID payload and in the certificate do not match. This mismatch occurred during verification of the remote security endpoint identity while using digital signature mode authentication.

Additional diagnostic messages that have the same message instance number will be issued to identify the impacted Security Association (SA). The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

id_X.500_string is the X.500 string from the ID payload.

System action

The certificate cannot be used and the negotiation will probably fail; IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Notify the administrator of the remote security endpoint about this error and ask the administrator to ensure that they are using a certificate that matches the identity they are sending.

Module

pki390.cpp

Procedure name

None.

Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014