ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Connect:Direct CSPA202E error after renewing certificate on ACF2 keyring

book

Article ID: 240872

calendar_today

Updated On:

Products

ACF2 ACF2 - z/OS ACF2 - MISC

Issue/Introduction

After inserting a renewed client certificate into ACF2, connecting and rebuilding the keyring in ACF2, and performing an SSL refresh in Connect:Direct, the following error is seen when trying to test the new certificate:

CSPA202E SSL handshake failure, reason=Internal error reported by     
CSPA202E remote partner    

 

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

On the INSERT of the renewed certificate signed by a 3rd party CA, the LABEL was changed in ACF2, but not on Connect:Direct. After changing the label back to what it was before the INSERT with the NEWLABEL parameter, and performing an SSL refresh on Connect:Direct, the SSL/TLS connection was allowed.

NEWLABEL examples:

SET P(USER) DIV(CERTDATA)
CHA TESTUSR LABEL(AccidentalChange) NEWLABEL(OriginalLabel)  << LABEL parameter must be specified if the record key does not have a suffix
CHA TESTUSR.CERT1 NEWLABEL(OriginalLabel)  << LABEL parameter does not need to be specified for a record key with a suffix 

F ACF2,REBUILD(USR),CLASS(P)
F ACF2,OMVS(CERTDATA)