JES2EDS keyring open error using Top Secret


Article ID: 197383


Updated On:


CA Top Secret CA Top Secret - LDAP CA Web Administrator for Top Secret


Trying to setup digital certificates with JES2EDS process  to allow email messages via JES2 & ZOSMF and receiving a RSN 202 for a GSK_KEYRING_OPEN_ERROR. This occurs when the WebToolKit calls the security product (TSS) to open the keyring.

IBM trace shows the following:

t-Entry: iconnImpl

t: Connecting to SYSTPRD1 via port 443

t: Attempting to connect to IP address:

t-Entry: setSocketOptions

t: Set the send() timeout value to: 10

t: Set the recv() timeout value to: 30

t-Exit: setSocketOptions

t: Connection established using socket: 0

t-Entry: initTranslationTables

t-Exit: initTranslationTables

t-Entry: checkForTTLS

t: Socket maps to TTLSRule: (none)

t: ATTLS is *not* in effect

t-Entry: initSSLEnv

t: Creating a new SSL environment

t: Using the default SSL protocols

t: Setting SSL key database to: JES2/

t: Unable to initialize SSL environment.

t-Entry: error

t: An error occurred: Error detected while opening the certificate database

t: Reason code: 202

t: Return code: -1

t: Service: 19

t: Service Instance: 0

t-Exit: error

t-Entry: setReturnCode

t-Exit: setReturnCode

t: Disconnecting new socket due to SSL initialization failure

t-Entry: idiscImpl

t: Closing socket: 0

t-Exit: idiscImpl

The 202 error translates to a GSK_KEYRING_OPEN_ERROR and is ultimately surfaced by JES as:

$HASP1529 106 0202 Error detected while opening the certificate database 


Release : 16.0

Component : CA Top Secret for z/OS


A TSSOERPT  showed  acid JES2EDS and keyring label JES2EDS which is not the intended acid and keyring.

Need to specify the correct acid and keyring label name in the application setting .