BLDPORT job fails SSL connection with 'Certification authority is unknown'
Article ID: 114882
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
BLDPORT job fails SSL connection.
ERROR from job BLDPORT under SYSA
Creating connection
Turning on VERBOSE in the connection
Setting URL to HTTPS://COMPANYACOM
Setting port to 1443
Turning on SSL
Setting SSL key type
Setting keyring to IZUAPIKY
Setting cookie type
Connecting
*ERROR* (hwthconn) at time: 16:38:08
Rexx RC: 0, Toolkit ReturnCode: 262 (x106)
DiagArea.Service: 1441793
DiagArea.ReasonCode: 435
DiagArea.ReasonDesc: Certification authority is unknown
** hwthconn failure **
ISPD117
The initially invoked CLIST ended with a return code = 16
USERA.BLDPORT.JOB55116.D0000121.? was preallocated (no free was done).
READY
ERROR from job BLDPORT under SYSA
Creating connection
Turning on VERBOSE in the connection
Setting URL to HTTPS://COMPANYACOM
Setting port to 1443
Turning on SSL
Setting SSL key type
Setting keyring to IZUAPIKY
Setting cookie type
Connecting
*ERROR* (hwthconn) at time: 16:38:08
Rexx RC: 0, Toolkit ReturnCode: 262 (x106)
DiagArea.Service: 1441793
DiagArea.ReasonCode: 435
DiagArea.ReasonDesc: Certification authority is unknown
** hwthconn failure **
ISPD117
The initially invoked CLIST ended with a return code = 16
USERA.BLDPORT.JOB55116.D0000121.? was preallocated (no free was done).
READY
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
Client certificate and root certificates must be on the user's keyring executing the job.
Root certificate chain was missing from the keyring.
This particular site was using a 3 root Certificate Authority chain.
Certificate1 signed Certificate2. Certificate2 signed Certificate 3.
This means all 3 certificates also need to be on the keyring.
TSS ADD(USERA) KEYRING(IZUAPIKY) RINGDATA(CERTAUTH,CERT1) USAGE(CERTAUTH)
TSS ADD(USERA) KEYRING(IZUAPIKY) RINGDATA(CERTAUTH,CERT2) USAGE(CERTAUTH)
TSS ADD(USERA) KEYRING(IZUAPIKY) RINGDATA(CERTAUTH,CERT3) USAGE(CERTAUTH)
Root certificate chain was missing from the keyring.
This particular site was using a 3 root Certificate Authority chain.
Certificate1 signed Certificate2. Certificate2 signed Certificate 3.
This means all 3 certificates also need to be on the keyring.
TSS ADD(USERA) KEYRING(IZUAPIKY) RINGDATA(CERTAUTH,CERT1) USAGE(CERTAUTH)
TSS ADD(USERA) KEYRING(IZUAPIKY) RINGDATA(CERTAUTH,CERT2) USAGE(CERTAUTH)
TSS ADD(USERA) KEYRING(IZUAPIKY) RINGDATA(CERTAUTH,CERT3) USAGE(CERTAUTH)
Feedback
Yes
No
Powered by
