On Tue, 11 Mar 2014 05:54:24 -0700, Donald J. <[email protected]> wrote:
>If I try to use a certificate with a HostIDMapping extension and no >certificate associated with the userid I get error message: >"CWXN A client certificate that maps to a valid userid is required." This is likely just CICS's response to a return code 8 reason code 40 CICS got from initACEE and shouldn't be taken too literally. You could look at a CICS auxtrace to be sure. But, probably something else is amiss in the setup. You should be able to use hostIdMappings or certificate name filtering in CICS. Ensure the CA that signed the openssl certificate is on CICS's keyring and set for HIGHTRUST. Looks like you have to set up a profile in the SERVAUTH class as well. And of course, the hostName in the hostIdMapping has to match. http://pic.dhe.ibm.com/infocenter/zos/v2r1/topic/com.ibm.zos.v2r1.icha700/dighost.htm As I said, this was awhile ago. I no longer have access to the system on which this was working so it's difficult for me to do further research. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
