Re: z/OS SSL

Mark Pace Thu, 29 May 2008 08:33:53 -0700

Okay I added a CA to the ring.  Still get the same error.
I don't recall seeing anything in the IP guide about IRR.DIGTRING.LIST.
I'll look that one up.


racdcert id(tn3270) listring(TNRING)

   Digital
ring information for user TN3270:
   Ring:
        >TNRING<
   Certificate Label Name             Cert Owner     USAGE      DEFAULT
   --------------------------------   ------------   --------   -------
   TnServerCert                       ID(TN3270)     PERSONAL     YES
   Verisign Class 3 Primary CA        CERTAUTH       CERTAUTH     NO

 READY


On Thu, May 29, 2008 at 11:04 AM, Chase, John <[EMAIL PROTECTED]> wrote:

> > -----Original Message-----
> > From: IBM Mainframe Discussion List On Behalf Of Mark Pace
> >
> > I've been working on setting up SSL support for TCP/IP.
> > My server name is TN3270.
> > I've set up RACF allowing control access for TN3270 to
> > IRR.DIGTCERT.LIST & IRR.DIGTCERT.LISTRING I've set up a ring
> > and a cert.
> >
> > racdcert id(tn3270)
> > listring
> >  IKJ56700A ENTER Ring Name
> > -
> > TNRING
> >
> >
> >
> >  Digital ring information for user
> > TN3270:
> >
> >
> >
> > Ring:
> >
> > >TNRING<
> >    Certificate Label Name             Cert Owner     USAGE
> > DEFAULT
> >    --------------------------------   ------------   --------
> > -------
> >    TnServerCert                       ID(TN3270)     PERSONAL
> > YES
> >
> >
> >  READY
> >
> >
> > Setup TCPIP
> >
> >  TelnetParms
> >  ; port 23
> >    SECUREPORT 23
> >    KEYRING SAF TNRING
> >    CONNTYPE ANY
> >
> > But when I start TN3270 I get this error.  Which says I've
> > had an open failure on the keyring.  I don't know what I'm missing.
> >
> > EZZ6035I TELNET DEBUG PROFILE WARNING,LINE: *N/A* MOD: EZBTMCVV 428
> >   RCODE: 600F-00  System SSL initiation failed.
> >   PARM1: 000000CA PARM2: 00000000 PARM3: GSK_ENVIRONMENT_INIT
> > EZZ6040I TELNET PROFILE UPDATE FAILED FOR PORT    23, RCODE=600F
> >
> >
> > Does anyone see anything I've forgotten or obviously wrong?
>
> I don't see a certauth certificate linked to the keyring.  Also, does
> TN3270 have READ (or is it UPDATE?) to FACILITY profile
> IRR.DIGTRING.LISTRING?
>
>    -jc-
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>
>


-- 
Mark Pace
Mainline Information Systems

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: z/OS SSL

Reply via email to