Trying to setup digital certificates with JES2EDS process to allow email messages via JES2 & ZOSMF and receiving a RSN 202 for a GSK_KEYRING_OPEN_ERROR. This occurs when the WebToolKit calls the security product (TSS) to open the keyring.
IBM trace shows the following:
t: Connecting to SYSTPRD1 via port 443
t: Attempting to connect to IP address: 172.16.13.51
t: Set the send() timeout value to: 10
t: Set the recv() timeout value to: 30
t: Connection established using socket: 0
t: Socket maps to TTLSRule: (none)
t: ATTLS is *not* in effect
t: Creating a new SSL environment
t: Using the default SSL protocols
t: Setting SSL key database to: JES2/
t: Unable to initialize SSL environment.
t: An error occurred: Error detected while opening the certificate database
t: Reason code: 202
t: Return code: -1
t: Service: 19
t: Service Instance: 0
t: Disconnecting new socket due to SSL initialization failure
t: Closing socket: 0
The 202 error translates to a GSK_KEYRING_OPEN_ERROR and is ultimately surfaced by JES as:
$HASP1529 106 0202 Error detected while opening the certificate database
Release : 16.0
Component : CA Top Secret for z/OS
A TSSOERPT showed acid JES2EDS and keyring label JES2EDS which is not the intended acid and keyring.
Need to specify the correct acid and keyring label name in the application setting .