z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1921I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1921I
Certificate ( label ) contains a key that is too short for FIPS 140 mode

Explanation

The Internet Key Exchange (IKE) daemon is configured to run in a mode that supports Federal Information Processing Standard 140 (FIPS 140). The IKE daemon detected that a certificate with the specified label contains an RSA key that is not allowed by FIPS 140. The certificate will not be available for IKE RSA mode authentication.

See the information about FIPS 140 and IP security in z/OS Communications Server: IP Configuration Guide.

In the message text:
label
The label of the certificate.

System action

IKE processing continues.

Operator response

None.

System programmer response

If FIPS 140 support is required and the certificate is required for the RSA mode authentication, re-key the certificate with an RSA key that has a key size of 1024 bits or greater. If FIPS 140 support is not required for the IKE daemon, stop the daemon, configure FIPS140 No in the IKE configuration file, and restart the daemon.

User response

Not applicable.

Problem determination

None.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

certcache.cpp

Routing code

Not applicable.

Descriptor code

Not applicable.

Automation

Not applicable.

Example

EZD1921I Certificate ( Certificate512 ) contains a key that is too short for FIPS 140 mode
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014