Oh goodness but I'm a moron! I define the certs and rings with the id of TN3270, but I finally noticed that my proc was running with a userid of IBMUSER. So modified the RACF entry so that proc TN3270 would start with the user name TN3270, and the errors went away. Jeez........ Hopefully someone will learn from my mistake.
Thanks to all that had suggestions. On Thu, May 29, 2008 at 10:13 AM, Mark Pace <[EMAIL PROTECTED]> wrote: > I've been working on setting up SSL support for TCP/IP. > My server name is TN3270. > I've set up RACF allowing control access for TN3270 to IRR.DIGTCERT.LIST & > IRR.DIGTCERT.LISTRING > I've set up a ring and a cert. > > racdcert id(tn3270) > listring > IKJ56700A ENTER Ring Name > - > TNRING > > > > Digital ring information for user > TN3270: > > > > Ring: > > >TNRING< > Certificate Label Name Cert Owner USAGE > DEFAULT > -------------------------------- ------------ -------- > ------- > TnServerCert ID(TN3270) PERSONAL > YES > > > READY > > > Setup TCPIP > > TelnetParms > ; port 23 > SECUREPORT 23 > KEYRING SAF TNRING > CONNTYPE ANY > > But when I start TN3270 I get this error. Which says I've had an open > failure on the keyring. I don't know what I'm missing. > > EZZ6035I TELNET DEBUG PROFILE WARNING,LINE: *N/A* MOD: EZBTMCVV 428 > RCODE: 600F-00 System SSL initiation failed. > PARM1: 000000CA PARM2: 00000000 PARM3: GSK_ENVIRONMENT_INIT > EZZ6040I TELNET PROFILE UPDATE FAILED FOR PORT 23, RCODE=600F > > > Does anyone see anything I've forgotten or obviously wrong? > > -- > Mark Pace > Mainline Information Systems -- Mark Pace Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
