Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1921I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1921I Certificate ( label ) contains a key
that is too short for FIPS 140 mode ExplanationThe Internet Key Exchange (IKE) daemon is configured to run in a mode that supports Federal Information Processing Standard 140 (FIPS 140). The IKE daemon detected that a certificate with the specified label contains an RSA key that is not allowed by FIPS 140. The certificate will not be available for IKE RSA mode authentication. See the information about FIPS 140 and IP security in z/OS Communications Server: IP Configuration Guide. In the message text:
System actionIKE processing continues. Operator responseNone. System programmer responseIf FIPS 140 support is required and the certificate is required for the RSA mode authentication, re-key the certificate with an RSA key that has a key size of 1024 bits or greater. If FIPS 140 support is not required for the IKE daemon, stop the daemon, configure FIPS140 No in the IKE configuration file, and restart the daemon. User responseNot applicable. Problem determinationNone. Sourcez/OS® Communications Server TCP/IP: IKE daemon Modulecertcache.cpp Routing codeNot applicable. Descriptor codeNot applicable. AutomationNot applicable. Example
|
Copyright IBM Corporation 1990, 2014
|