This article documents an error with KEYRING trying to establish TLS connection through PAGENT.
The Keyring is defined as follows in pagent_TTLS.confg
TTLSKeyringParms groupSAFKeyringTST1
Keyring TCP/KeyringTST1
The keyring is defined as follows in Top Secret:
KEYRING = RingTST1 ACCESSORID = TCP
KEYRING LABEL = RingTST1
The messages received trying to establish TLS connection through PAGENT are:
000059E7 RC: 202 Call GSK_ENVIRONMENT_INIT - 00000053B8728220
00000000 RC: 202 Environment Master Init 0000000000000000
00000000 LOCAL: **N/A** REMOTE: **N/A** JOBNAME: **N/A** USERID: FTP RULE: **N/A** RC: 202 Environment Master Init 0000000000000000
00000000 RC: 202 Environment Link 0000000000000000 00000030
00000000 LOCAL: **N/A** REMOTE: **N/A** JOBNAME: **N/A** USERID: FTP RULE: **N/A** RC: 202 Environment Link 0000000000000000 00000030
000059E7 Initial Handshake ACTIONS: groupActionDiagnosticON groupServerKeyringSYST groupServerCipherFTPABCXY HS-Server
000059E7 RC: 5006 Initial Handshake 0000000000000000 0000000000000000 0000000000000000
000059E7 LOCAL: ip-address REMOTE: ip-address JOBNAME: FTPJOB USERID: FTP RULE: FTPABCXY RC: 5006 Initial Handshake 0000000000000000 0000000000000000 0000000000000000
000059E6 RC: 0 Receive Reset
000059E6 RC: 406 Call GSK_SECURE_SOCKET_INIT - 00000053B872B290
000059E6 RC: 406 Initial Handshake 0000000000000000 00000053B87223F0 0000000000000000
000059E6 LOCAL: ip-address REMOTE: ip-address JOBNAME: JOBNAME USERID: USER001 RULE: RULE RC: 406 Initial Handshake 0000000000000000 00000053B87223F0 0000000000000000
000059E6 RC: 0 Connection Close 0000000000000000
000059E7 RC: 0 Connection Close 0000000000000000
Release : 16.0
The keyring name in the pagent_TTLS.confg must match the keyring label name for the started task using SSL.
The keyring is case-sensitive and must match exactly.
The complete certificate chain must be on the keyring and each one defined correctly to the keyring.
The keyring label name and the keyring specification in the config file don't match.
The keyring label name is RingTST1
KEYRING = RingTST1 ACCESSORID = TCP
KEYRING LABEL = RingTST1
The keyring specification in the pagent_TTLS.confg file is KeyringTST1
TTLSKeyringParms groupSAFKeyringTST1
Keyring TCP/KeyringTST1
There are two options to solve this: