While setting up an SSL/TLS connection for an application that uses an ACF2 keyring, the following error appears in the GSKTRACE taken by the application support team:
GSK: 311AD758 Error in gsk_secure_socket_init(): Key entry does not contain a private key (428)
Why is this error occurring?
Release: 16.0
Component: ACF2 for z/OS
The RDATALIB (RDA) resource class rule was written for the original ring name and was not updated after the ring name was changed. The RDA resource name has the syntax ringowner.ringname.LST. READ access is required for keyring access, and UPDATE access is required to read the private key because the logonid that needed access was not the certificate owner.
Old Rule:
$KEY(USER01) TYPE(RDA)
$USERDATA(USER01 KEYRING)
OLDRING.LST UID(**************USER02) SERVICE(UPDATE) ALLOW
Updated Rule:
$KEY(USER01) TYPE(RDA)
$USERDATA(USER01 KEYRING)
NEWRING.LST UID(**************USER02) SERVICE(READ,UPDATE) ALLOW
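
The check below is an added example, not part of the original article or of ACF2: it builds ringowner.ringname.LST for the ring the application now uses and reports which services a rule set fails to grant, so a rule left on the old ring name is caught before the handshake fails. Assumptions: only the rule-entry layout shown above is parsed, resource names are compared exactly, "*" in a UID mask matches one character, and the UID string is constructed sample data (real UID layouts are site-defined).

```python
import re

# Rule sets copied from this page.
OLD_RULE = """$KEY(USER01) TYPE(RDA)
$USERDATA(USER01 KEYRING)
OLDRING.LST UID(**************USER02) SERVICE(UPDATE) ALLOW"""
NEW_RULE = """$KEY(USER01) TYPE(RDA)
$USERDATA(USER01 KEYRING)
NEWRING.LST UID(**************USER02) SERVICE(READ,UPDATE) ALLOW"""

# Constructed UID string: filler for each masked position, then the logonid.
SAMPLE_UID = "A" * NEW_RULE.count("*") + "USER02"

ENTRY = re.compile(r"\s*(\S+)\s+UID\(([^)]*)\)\s+SERVICE\(([^)]*)\)\s+(ALLOW|PREVENT)")

def parse_rule(text):
    """Return [(full resource name, UID mask, services, allowed)] for a rule set."""
    key = re.search(r"\$KEY\(([^)]+)\)", text).group(1)
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ext, mask, services, action = m.groups()
            # The full resource name is the $KEY value plus the entry's extension.
            entries.append((f"{key}.{ext}", mask, set(services.split(",")), action == "ALLOW"))
    return entries

def uid_matches(mask, uid):
    """Assumption: '*' matches one character; the mask is compared as a prefix."""
    return len(uid) >= len(mask) and all(m in ("*", c) for m, c in zip(mask, uid))

def missing_services(rule_text, ring_owner, ring_name, uid, needed):
    """Services in `needed` that no ALLOW entry grants on ringowner.ringname.LST."""
    resource = f"{ring_owner}.{ring_name}.LST"
    granted = set()
    for name, mask, services, allowed in parse_rule(rule_text):
        if allowed and name == resource and uid_matches(mask, uid):
            granted |= services
    return set(needed) - granted

if __name__ == "__main__":
    for label, rule in (("old", OLD_RULE), ("updated", NEW_RULE)):
        gap = missing_services(rule, "USER01", "NEWRING", SAMPLE_UID, {"READ", "UPDATE"})
        print(label, "rule:", "covered" if not gap else f"missing {sorted(gap)}")
```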