Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1324I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1324I CERTIFICATE ( label ) CANNOT BE USED
TO CREATE A SIGNATURE AND IS NOT A CERTIFICATE AUTHORITY CERTIFICATE ExplanationA certificate in the network security server certificate repository cannot be used to create a digital signature and is not a Certificate Authority certificate. A certificate must contain a private key to be used to create a signature. If a KeyUsage extension is present in the certificate the digitalSignature bit must be set. To be a Certificate Authority certificate the certificate
must meet one of the following conditions:
In the message text:
System actionThe certificate is ignored by the network security services daemon. Processing continues. Operator responseNone. System programmer responseIf this certificate is intended to be used on behalf of a network security services (NSS) client to create a signature, then verify that the private key is stored in the certificate repository. If the private key is not stored in the repository remove the certificate from the repository and add it back to the repository with its private key. If the KeyUsage extension is present in the certificate and the digitalSignature bit is not set, the certificate cannot be used to create a signature. A new certificate must be obtained. If this certificate is intended to be used as a Certificate Authority certificate and it is self-signed, then verify that it is marked as trusted. If it is not self-signed then the certificate cannot be used as a Certificate Authority certificate. A new certificate must be obtained. User responseNone. Problem determinationNot applicable. Sourcez/OS® Communications Server TCP/IP: Network Security Server ModuleCertRepository.cpp Routing code10 Descriptor code12 Example
|
Copyright IBM Corporation 1990, 2014
|