Carmen Vitullo asked:

>Phil, was this output from an SSL trace?

Yes.

>IIRC there's usually more data related to a cert error, it's been 7, or
>8 years since I ran the trace but usually the trace data
>shows the TLS version also, it's a stretch but are you running TLS 1.1
>or higher?

Yes, it's TLSv1.3:
09/07/2022-17:30:14 Thd-1 INFO read_v3_server_hello(): Using TLSV1.3 protocol

>I'd agree with Attila also, I've had my security team load a cert for me
>that required mixed case, and they defined the LABEL with all caps

You mean the label in the gskkyman entry? I did that, no change. I also
tried it in RACF, via the *AUTH*/* virtual key ring; also same error:
09/08/2022-09:53:50 Thd-1 ERROR check_cert_extensions_3280_and_later(): Basic Constraints extension must be critical for CA Certificate
09/08/2022-09:53:50 Thd-1 EXIT check_cert_extensions_3280_and_later(): <--- Exit status 0x03353071 (53817457)
09/08/2022-09:53:50 Thd-1 ERROR validate_certificate_basics(): Unable to verify certificate extensions: Error 0x03353071
09/08/2022-09:53:50 Thd-1 ERROR get_issuer_certificate(): Unable to validate CA certificate: Error 0x03353071
09/08/2022-09:53:50 Thd-1 ERROR validate_certificate(): Unable to get issuer certificate: Error 0x0335302f
09/08/2022-09:53:50 Thd-1 ERROR validate_certificate_mode(): Unable to validate certificate: Error 0x0335302f
09/08/2022-09:53:50 Thd-1 ERROR cms_validate_certificate_mode_int(): Unable to validate certificate: Error 0x0335302f
09/08/2022-09:53:50 Thd-1 EXIT cms_validate_certificate_mode_int(): <--- Exit status 0x0335302f (53817391)
09/08/2022-09:53:50 Thd-1 ERROR read_tls13_certificate(): Unable to validate peer certificate: Error 0x0335302f
09/08/2022-09:53:50 Thd-1 ERROR send_tls13_alert(): Sent TLS 1.3 alert 42 to 140.236.144.55[443]

I'm 100% not trying to be one of those "No, your helpful advice can't be
right" people here! I just don't know how to apply it.

Thanks,
...phsiii 
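
An added example, not part of the original message and not IBM tooling: a small Python reader for a trace like the one quoted above that rejoins e-mail-wrapped records, picks out the first ERROR, and shows where the status code changes as the failure propagates upward. It assumes the record layout seen in this excerpt and that the innermost failure is logged first; the function names unwrap and summarize are hypothetical.

```python
import re

# Trace excerpt as it appears in the message, e-mail line wrapping included.
TRACE = """\
09/08/2022-09:53:50 Thd-1 ERROR check_cert_extensions_3280_and_later():
Basic Constraints extension must be critical for CA Certificate
09/08/2022-09:53:50 Thd-1 EXIT check_cert_extensions_3280_and_later(): <---
Exit status 0x03353071 (53817457)
09/08/2022-09:53:50 Thd-1 ERROR get_issuer_certificate(): Unable to validate
CA certificate: Error 0x03353071
09/08/2022-09:53:50 Thd-1 ERROR validate_certificate(): Unable to get issuer
certificate: Error 0x0335302f
09/08/2022-09:53:50 Thd-1 ERROR read_tls13_certificate(): Unable to validate
peer certificate: Error 0x0335302f
"""

STAMP = re.compile(r"\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2} ")
RECORD = re.compile(r"\S+ (Thd-\d+) (\w+) (\w+)\(\): (.*)")
CODE = re.compile(r"0x[0-9a-fA-F]{8}")

def unwrap(text):
    """Rejoin records that a mail client wrapped onto several lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records

def summarize(text):
    """Return the first ERROR (assumed root cause) and each change of status code."""
    root, chain = None, []
    for rec in unwrap(text):
        m = RECORD.fullmatch(rec)
        if not m:
            continue                      # skip lines that are not trace records
        _thread, level, func, msg = m.groups()
        if level == "ERROR" and root is None:
            root = (func, msg)
        code = CODE.search(msg)
        if level in ("ERROR", "EXIT") and code and (not chain or chain[-1][0] != code.group()):
            chain.append((code.group(), func))
    return root, chain

if __name__ == "__main__":
    root, chain = summarize(TRACE)
    print("root cause:", root)
    for code, func in chain:
        print(f"{code} first reported by {func}()")
```

On this excerpt the specific reason sits in the first ERROR record, while the code that reaches the TLS 1.3 handshake layer is the more generic one that first appears at validate_certificate().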

