Marcy, If I remember right I had the same problem when I did it back in Janurary.. If memory serves, the problem is that the export/import function of SSLSERV doesn't work.. There may be a PTF to fix it, I don't know.. I had to do one of the 'create' options..
-----Original Message----- From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf Of Marcy Cortes Sent: Tuesday, August 04, 2009 10:29 AM To: [email protected] Subject: SSL DTCSSL022E message on SSLSERV SSLSERV gets this when I try to connect: DTCSSL022E Handshake failed: rc: 428 reason: Key entry does not contain a private key I used Option 5 to import it. The error code says this. (The codes are in the z/os manual so what they tell me to do is rather z/os'y) 428 Key entry does not contain a private key. Explanation: The key entry does not contain a private key or the private key is not usable. This error can also occur if the private key is stored in ICSF and ICSF services are not available or if the private key size is greater than the supported configuration limit. Certificates that are meant to represent a server or client must be connected to a SAF keyring with a USAGE value of PERSONAL and either be owned by the userid of the application or be SITE certificates. |This error can occur when using z/OS |PKCS #11 tokens if the userid of the application does not have appropriate |access to the CRYPTOZ class. User response: Ensure that the ICSF started task has been started prior to the application if the private key is stored in ICSF. |When |using z/OS PKCS #11 tokens, ensure the userid has appropriate access to the |CRYPTOZ class. Marcy "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation."
