Well, I checked everything and all looks ok to me. I'm also at the same service level as Dennis. I'll open a pmr.
Marcy "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -----Original Message----- From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf Of Alan Altmark Sent: Tuesday, August 04, 2009 10:15 AM To: [email protected] Subject: Re: [IBMVM] SSL DTCSSL022E message on SSLSERV On Tuesday, 08/04/2009 at 12:45 EDT, Marcy Cortes <[email protected]> wrote: > Wrong words. > > I used option 4 to create the CSR. Took that to the CMS (Certificate > Management System) and used for the request. > Once I got it, I used option 5 to receive it. I had used option 7 to import > the root and intermediate certs before doing the option 5. That is the correct process. You only need private keys for certs that represent your system. o Double-check your TLSLABEL spec in the telnet/ftp server config and make sure you've got the right label, not one pointing to a root or intermediate cert. o Display the content of your key database and ensure you don't see any nearly-identical labels. o Make sure the cert you think you're using has the label you think it has. o As an aside, make sure your intermediate and root certs are marked "trusted" so that your telnet and ftp clients will accept server certs from other systems that were signed by those same certs. Alan Altmark z/VM Development IBM Endicott
