Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1904E z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1904E IKED NSS client API version clientAPIversion does
not match NSS server API version serverAPIversion for
stack stackname ExplanationThe Internet Key Exchange daemon (IKED) connected to a Network Security Services (NSS) server that was supporting a lower level of the NSS API. Certificate services such as Certificate Revocation List (CRL) checking, Certificate Authority (CA) Hierarchy validation, and HTTP certificate retrieval are not available for this stack. The lack of this support limits the kinds of tunnels that the IKE daemon can negotiate for the stack. The IKE daemon is able to negotiate IKEv1 and IKEv2 tunnels using preshared key authentication for the stack. The IKE daemon is able to negotiate IKEv1 tunnels with digital signature authentication but without support for CRL checking or CA Hierarchy validation for the stack. The IKE daemon is unable to negotiate IKEv2 tunnels with digital signature authentication for the stack. In the message text:
System actionIKE daemon processing continues. Operator responseContact the system programmer. System programmer responseConnect the IKE daemon NSS client to an NSS server that is running on a z/OS® Communications Server V1R12 or greater system. To identify the NSS server that the IKE daemon is currently connected to, inspect the system log for EZD1136I. User responseNot applicable. Problem determinationNot applicable. Sourcez/OS Communications Server TCP/IP: IKE daemon Modulestackobj.cpp Routing code3 Descriptor code3 AutomationThis message goes to the console and to syslog. Example
|
Copyright IBM Corporation 1990, 2014
|