Actually Alan described my problem better than I did .. exporting from 5.3 and importing to 5.4 ..
-----Original Message----- From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf Of Marcy Cortes Sent: Tuesday, August 04, 2009 11:45 AM To: [email protected] Subject: Re: SSL DTCSSL022E message on SSLSERV Wrong words. I used option 4 to create the CSR. Took that to the CMS (Certificate Management System) and used for the request. Once I got it, I used option 5 to receive it. I had used option 7 to import the root and intermediate certs before doing the option 5. I didn't do anything on 5.3 (waited for the CMS version in 5.4 instead). Marcy "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -----Original Message----- From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf Of Alan Altmark Sent: Tuesday, August 04, 2009 9:37 AM To: [email protected] Subject: Re: [IBMVM] SSL DTCSSL022E message on SSLSERV On Tuesday, 08/04/2009 at 11:36 EDT, Marcy Cortes <[email protected]> wrote: > SSLSERV gets this when I try to connect: > > DTCSSL022E Handshake failed: rc: 428 reason: Key entry does not > contain a > private key > > I used Option 5 to import it. Option 5 doesn't import certificates. Are you sure it wasn't 7 or 8? With option 5, they private key is already in the database (created by option 4). I've seen this error before when using SSLADMIN EXPORT on a z/VM 5.3 system and then using option 7 to import into z/VM 5.4. The import works because SSLADMIN EXPORT doesn't export the private key. Contact the Support Center if this is the case. Alan Altmark z/VM Development IBM Endicott -------------------------------------------------------- Key Management Menu Database: <db_name> Expiration: <date> 1 - Manage keys and certificates 2 - Manage certificates 3 - Manage certificate requests 4 - Create new certificate request 5 - Receive requested certificate or a renewal certificate 6 - Create a self-signed certificate 7 - Import a certificate 8 - Import a certificate and a private key 9 - Show the default key 10 - Store database password 11 - Show database record length 0 - Exit program ----------------------------------------------------- Key and Certificate Menu Label: <Certificate_label_name> 1 - Show certificate information 2 - Show key information 3 - Set key as default 4 - Set certificate trust status 5 - Copy certificate and key to another database 6 - Export certificate to a file 7 - Export certificate and key to a file 8 - Delete certificate and key 9 - Change label 10 - Create a signed certificate and key 11 - Create a certificate renewal request 0 - Exit program
