In the ACF2 UNIXSVC report (ACFRPTOM), there are 'Profile for Ring_name not found' errors along with TTLS Error RC: 202 and RC: 5006. Why is the keyring not being picked up?
Sample errors seen:
In the OM report:
R_datalib TESTUSR TESTGRP 0 0 8 8 84
04/27/22 22.117 9.58.48 TCPIP
Failed - Profile for Ring_name not found
In SYSLOG:
EZD1287I TTLS Error RC: 202 Environment Link 261
EZD1287I TTLS Error RC: 5006 Initial Handshake 263
Release : 16.0
Component : ACF2 for z/OS
The AT-TLS policy specified an incorrect ring name in TTLSKeyringParms. Changing the Keyring value in the policy to match the RINGNAME parameter on the ACF2 keyring record resolved the issue.
Example:
In ACF2:
SET P(USER) DIV(KEYRING)
LIST TEST.RING
KEYRING / TEST.RING LAST CHANGED BY USER001 ON 04/27/22-07:41
DEFAULT(TEST.CERT) RINGNAME(TestKeyring)
In AT-TLS:
TTLSKeyringParms
{
Keyring TestKeyring
}
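
One way to catch this mismatch before it surfaces as RC 202, as an added example (not part of the original article and not Broadcom or IBM tooling): a Python check that compares each Keyring value in TTLSKeyringParms against the RINGNAME values in saved ACF2 LIST output. The inputs are constructed samples, the function names are hypothetical, and an exact, case-sensitive match is assumed.

```python
import re

# Constructed sample inputs, not taken from a real system.
ACF2_LIST = """\
KEYRING / TEST.RING LAST CHANGED BY USER001 ON 04/27/22-07:41
DEFAULT(TEST.CERT) RINGNAME(TestKeyring)
"""
POLICY = """\
TTLSKeyringParms
{
  Keyring TestKeyring
}
TTLSKeyringParms
{
  Keyring TESTKEYRING   # differs from RINGNAME only in case
}
TTLSKeyringParms
{
  Keyring TEST.RING     # record key used where RINGNAME belongs
}
"""

def acf2_ringnames(list_output):
    """Collect every RINGNAME(...) value from ACF2 LIST output."""
    return set(re.findall(r"\bRINGNAME\(([^)]*)\)", list_output))

def policy_keyrings(policy_text):
    """Collect Keyring values from TTLSKeyringParms blocks, in order."""
    # Drop '#' comments first so they cannot hide or fake a statement.
    text = "\n".join(l.split("#", 1)[0] for l in policy_text.splitlines())
    rings = []
    for block in re.findall(r"TTLSKeyringParms\s*\{(.*?)\}", text, re.S | re.I):
        rings += re.findall(r"^\s*Keyring\s+(\S+)\s*$", block, re.M | re.I)
    return rings

def check(policy_text, list_output):
    """Map each policy Keyring to 'ok', 'case-mismatch' or 'not-found'."""
    # Assumption: the value must equal RINGNAME exactly, including case.
    defined = acf2_ringnames(list_output)
    folded = {name.lower() for name in defined}
    status = {}
    for ring in policy_keyrings(policy_text):
        if ring in defined:
            status[ring] = "ok"
        elif ring.lower() in folded:
            status[ring] = "case-mismatch"
        else:
            status[ring] = "not-found"
    return status

if __name__ == "__main__":
    for ring, state in check(POLICY, ACF2_LIST).items():
        print(f"{state:14} {ring}")
```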