z/OS Security Server RACF Messages and Codes
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


IRRD108I

z/OS Security Server RACF Messages and Codes
SA23-2291-00

IRRD108I
The certificate does not meet RACF requirements and cannot be used.

Explanation

The certificate being added or checked might be valid, but, RACF® cannot use it for one of the following reasons:
  • The issuers distinguished name is too long. RACF is trying to use the hash algorithm that is used in the certificate signature to create a DIGTCERT profile name that fits the maximum length of 246, but the hash algorithm is unknown to RACF.
  • The certificate contains critical extensions that RACF does not recognize.
  • The certificate version is greater than 3.
  • The certificate contains nonstandard KeyUsage.
  • The certificate contains a key format that RACF does not recognize. For example, RACF only supports ECC certificates with the namedCurve format.
  • The certificate exists in the RACF database with a different public key.

System action

RACDCERT command processing ends.

System programmer response

Check that the certificate being used was issued by the intended certifying authority. If necessary, report the problem to the IBM® support center.

User response

The digital certificate found in the data set cannot be used by RACF. If you have more than one certificate, be sure that the correct one was placed in the data set. Otherwise, you must obtain a new certificate containing information that meets RACF requirements. If you cannot obtain another certificate, contact your system programmer.

Parent topic: RACDCERT command messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014