Using XCOM to perform encrypted SSL transfers with IBM's SystemSSL
Using a SAF key ring to store certificates and private keys
Transfer fails during initialization with message:
XCOMM1510E System SSL: gsk_secure_socket_init: RC = 428: Reason = Key entry does not contain a private key
This is normally a permission issue,
Release : 12.0
Component : XCOM Data Transport for z/OS
The caller must be granted authority to retrieve the private key. It's tricky to determine what is the exact permission required as it depends on how digital certificates are protected onsite, on whether the certificate is owned by the caller or by somebody else and on whether the keyring is a virtual one or a real one.
There are some guidelines in the description of RC 428 in the SystemSSL documentation.
SystemSSL uses the R_datalib (IRRSDL00) service from RACF. The 'usage notes' section from the description of this service detail the permissions required to retrieve the private key from a certificate in each situation