Since I know almost nothing about AT-TLS config, this might be dumb, but: Don't forget to try the *AUTH*/* key ring. That's a "virtual key ring" that represents all the trusted certs, and is a great shortcut for saying "Do I have the right cert in there somewhere but the key ring setup isn't right yet?"
After getting badly burned by a customer problem that went on wayyyyy too long, I'm also always chary of AT-TLS being turned on without necessarily understanding both ends well enough. To wit: our customer was using AT-TLS for various stuff, and turned it on for the connection from our product (outbound from z/OS) to our server. However, our product and server were both already using TLS. So we then had: 1. Product asks gsk to start a connection 2. gsk requests a handshake 3. AT-TLS jumps in, wraps that connection, and starts its own handshake 4. Our server gets that handshake, says "OK, sure" and they do the dance 5. Once that's established, the handshake request from z/OS arrives, wrapped, at our server 6. It unwraps it and then says "What the heck is THAT?!!" because it sure doesn't look like what it was expecting from an established connection and we get an incomprehensible error Your problem probably isn't, but could be, sort of the invers: because AT-TLS is adding the handshake and the server isn't expecting it, it's also saying "What the heck is THAT?!" ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
