OpenSSL (on the client side) is returning the following error:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
And AT-TLS (on the server side) is returning this error:
Mar 20 21:50:15 USI29CME TTLS[50331670]: 17:50:15 TCPIPTLS EZD1284I TTLS Flow GRPID: 00000002 ENVID: 0000000B CONNID: 00000C7C RC: 428 Call GSK_SECURE_SOCKET_INIT - 00000050167227F0
Mar 20 21:50:15 USI29CME TTLS[50331670]: 17:50:15 TCPIPTLS EZD1283I TTLS Event GRPID: 00000002 ENVID: 0000000B CONNID: 00000C7C RC: 428 Initial Handshake 0000000000000000 0000005016721C10 0000000000000000
Listing of the keyrings:
KEYRING = SRVRING ACCESSORID = USERA
ADMIN BY= BY(MASTER ) SMFID(SYSA) ON(03/24/2020) AT(10:07:37)
KEYRING LABEL = SRVRING
KEYRING HAS THE FOLLOWING CERTIFICATES CONNECTED:
ACID(CERTAUTH) DIGICERT(CLIAUTH) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(CLIAUTH )
ACID(CERTSITE) DIGICERT(CLICERT) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(CLICERT )
ACID(CERTAUTH) DIGICERT(SRVAUTH) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(SRVAUTH )
ACID(CERTSITE) DIGICERT(SRVCERT) DEFAULT(YES) USAGE(CERTSITE)
LABLCERT(SRVCERT )
Release : 16.0
Component : CA Top Secret for z/OS
RC 428 indicates that the "Key entry does not contain a private key."
Certificates with an owner of CERTSITE should have a USAGE(PERSONAL) and USAGE(CERTAUTH) for certificates owned by CERTAUTH.
Example:
KEYRING = SRVRING ACCESSORID = USERA
ADMIN BY= BY(MASTER ) SMFID(SYSA) ON(03/26/2020) AT(17:06:53)
KEYRING LABEL = SRVRING
KEYRING HAS THE FOLLOWING CERTIFICATES CONNECTED:
ACID(CERTAUTH) DIGICERT(CLIAUTH) DEFAULT(NO ) USAGE(CERTAUTH)
LABLCERT(CLIAUTH )
ACID(CERTSITE) DIGICERT(CLICERT) DEFAULT(NO ) USAGE(PERSONAL)
LABLCERT(CLICERT )
ACID(CERTAUTH) DIGICERT(SRVAUTH) DEFAULT(NO ) USAGE(CERTAUTH)
LABLCERT(SRVAUTH )
ACID(CERTSITE) DIGICERT(SRVCERT) DEFAULT(YES) USAGE(PERSONAL)
LABLCERT(SRVCERT )
TSS0300I LIST FUNCTION SUCCESSFUL
READY
END