Currently a FTP transmission to a business partner is now failing with the following messages:
EZA1701I >>> AUTH TLS
234
AUTH TLS successful
EZA2897I Authentication negotiation failed
EZA2898I Unable to successfully negotiate required authentication
EZA1735I Std Return Code = 10234, Error Code = 00017
Release : 16.0
Component : CA ACF2 for z/OS
FTP TCPIP.TCPPARMS pointed to keyring with just the ringname: Keyring ABCDring but the KEYRING is owned by another userid/logonid. FTP SSL job running under logonid USER001 Keyring is owned by logonid ABCDFTP:
KEYRING / ABCDFTP.RING LAST CHANGED BY ABCJ0 ON 01/21/20-08:57
DEFAULT() RINGNAME(ABCDring)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.DDDDDDCA DigiCert Secure Server CA CERTAUTH
CERTAUTH.CCCCCERT IBM SMPE Cert Auth CERTAUTH
CERTAUTH.ABCDORG ABCD.ddd.org CERTAUTH
When using a key ring owned by another user, specify the ring name as "userid/ringname".
To correct the problem:
Change TCPIP.TCPPARMS from:
Keyring ABCDring
To:
Keyring ABCDFTP/ABCDring