Missing Root with Connect Direct

Article ID: 15401

Products

CA Top Secret
CA Top Secret - LDAP

Issue/Introduction

Resolving a missing root certificate condition with Connect Direct



Having a problem establishing an SSL Connect Direct connection. Sent an SSLTRACE to IBM and they came back with the following:

Server sent a chain of 3 certs, sysa.fnfismd.com which was signed by Intermediate cert Symantec class 3 Secure Server CA - G4 which was signed by Root cert Verisign Class 3 Public Primary Certification Authority - G5. The issue is an Alert 42 which is occurring because the Root certificate is not in the keyring 'FRB KEY RING OUT BOUND' so we can't authenticate the certificates sent by the server.

The root cert from Black Knight, Verisign Class 3 Public Primary Certification Authority - G5, is not loaded in your Key ring FRB KEY RING OUT BOUND.

Work with your Security person to ensure the Root certificate is loaded and try the process again.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

Add the missing root certificates to the keyring of the Connect Direct started task ACID:

TSS ADD(CONNECT) KEYRING(CDRING) RINGDATA(CERTAUTH,ROOT1) USAGE(CERTAUTH)
TSS ADD(CONNECT) KEYRING(CDRING) RINGDATA(CERTAUTH,ROOT2) USAGE(CERTAUTH)
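
The condition in the trace above, as an added example that is not part of the original article or of IBM's response: a name-only model of the trust check, showing that a root sent by the server does not count as trusted until it is connected to the local keyring. The function name is hypothetical, signature checks are omitted, and the model assumes the path must end at a self-signed root held in the keyring.

```python
# Added example: name-only model of the trust decision (no signature checks).
from typing import Dict, Optional

LEAF = "sysa.fnfismd.com"
INTERMEDIATE = "Symantec class 3 Secure Server CA - G4"
ROOT = "Verisign Class 3 Public Primary Certification Authority - G5"

# Chain described in the trace on this page, as subject -> issuer.
SERVER_CHAIN: Dict[str, str] = {
    LEAF: INTERMEDIATE,
    INTERMEDIATE: ROOT,
    ROOT: ROOT,  # a root certificate is self-signed
}


def missing_trust_anchor(leaf: str, sent: Dict[str, str],
                         keyring: Dict[str, str]) -> Optional[str]:
    """Return the CA subject that must be connected to the keyring, or None.

    Certificates sent by the peer only help build the path; trust comes
    from the keyring alone. Assumption: the path must end at a self-signed
    root that is present in the keyring.
    """
    current, seen = leaf, set()
    while True:
        if current in seen:
            raise ValueError("issuer loop at " + current)
        seen.add(current)
        # Prefer the local copy of the certificate, else the peer's copy.
        issuer = keyring.get(current, sent.get(current))
        if issuer is None:
            return current  # neither side supplied this CA certificate
        if issuer == current:  # reached a self-signed root
            return None if current in keyring else current
        current = issuer


if __name__ == "__main__":
    # Constructed keyring contents: empty, then with the root connected.
    print(missing_trust_anchor(LEAF, SERVER_CHAIN, {}))
    print(missing_trust_anchor(LEAF, SERVER_CHAIN, {ROOT: ROOT}))
```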