I'm getting this trying to use a self-signed certificate. I put it into gskkyman and when I try to connect (outbound from z/OS) I get
Certificate validation error from GSK_SECURE_SOCKET_INIT. Running a gsktrace shows: 09/07/2022-17:30:14 Thd-1 ERROR check_cert_extensions_3280_and_later(): Basic Constraints extension must be critical for CA Certificate 09/07/2022-17:30:14 Thd-1 EXIT check_cert_extensions_3280_and_later(): <--- Exit status 0x03353071 (53817457) 09/07/2022-17:30:14 Thd-1 ERROR validate_certificate_basics(): Unable to verify certificate extensions: Error 0x03353071 09/07/2022-17:30:14 Thd-1 ERROR get_issuer_certificate(): Unable to validate CA certificate: Error 0x03353071 I find nothing for that error in the doc (either the text or the error number). https://colinpaice.blog/2021/11/03/using-z-os-ldap-with-tls-1-3/ discusses the error, but I don't know how to check it! Other clients work but that doesn't prove much-we know z/OS is more stringent about following the rules than many. Ideas? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
