Trying to download maintenance directly to our mainframe and am getting an error when using the SMPE Receive Order function from the Internet Service Retrieval or Create Service Order.
The certificates setup and the keyring configured but the job will not connect to the Broadcom Servers.
The SMP/E RECEIVE ORDER job starts and generates the following failure:
GIM68700I ORDER ORD00003 HAS BEEN SENT TO THE SERVER AT https://eapi.broadcom.com/receiveorder.
GIM69144I ORDER ORD00003 IS READY FOR DOWNLOAD.
GIM69207S ** RECEIVE PROCESSING HAS FAILED BECAUSE THE CONNECTION WITH THE SERVER FAILED.
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed:
com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested
GIM20501I RECEIVE PROCESSING IS COMPLETE. THE HIGHEST RETURN CODE WAS 12.
GIM20502I SMP/E PROCESSING IS COMPLETE. THE HIGHEST RETURN CODE WAS 12. SMP/E IS AT LEVEL 36.106.
SMP/E Receive Order (SMP/E Internet Service Retrieval)
Create Service Order
Use the CHKCERT command to verify that the certificates on the keyring are the right ones.
Each security product (TSS, ACF2, RACF) provides a CHECKCERT command.
Refer to your ESM product documentation for information and details.
Here is some guidance for CA-TSS customers:
Looking at our documentation:
Obtain the Certificates for CA SMP/E Internet Service Retrieval
our customers are instructed to download three certificates.
Verify by doing the following:
If you do not get a message indicating that the certificates are already on the security file, then you have the wrong certificates.
You will then need to install the new ones per the doc and add them to the keyring per the doc.