search cancel

ACF2 Profile for Ring_name not found errors when specifying ACF2 Keyring in AT-TLS TTLSKeyringParms

book

Article ID: 240413

calendar_today

Updated On:

Products

ACF2 - z/OS ACF2 ACF2 - MISC

Issue/Introduction

In the ACF2 UNIXSVC report (ACFRPTOM), there are 'Profile for Ring_name not found' errors along with TTLS Error RC: 202 and RC: 5006. Why is the keyring not being picked up?

Sample Errors seen:

In OM report:
R_datalib        TESTUSR   TESTGRP             0           0   8      8     84
04/27/22  22.117    9.58.48 TCPIP        
Failed - Profile for Ring_name not found

In SYSLOG:
EZD1287I TTLS Error RC:  202 Environment Link 261

EZD1287I TTLS Error RC: 5006 Initial Handshake 263

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

The AT-TLS policy specified an incorrect ringname in TTLSKeyringParms. Changing the policy to match the RINGNAME parameter on the keyring resolved the issue.

Example:

In ACF2:
SET P(USER) DIV(KEYRING)
LIST TEST.RING
  KEYRING / TEST.RING LAST CHANGED BY ADMIN ON 04/27/22-07:41
                       DEFAULT(TEST.CERT) RINGNAME(TestKeyring)

In AT-TLS:
TTLSKeyringParms                                     
  {                                                    
     Keyring                      TestKeyring    
  }