RC: 406 establishing TLS connection through PAGENT

Article ID: 259669

Products

Top Secret

Issue/Introduction

This article documents a keyring error that occurs when trying to establish a TLS connection through PAGENT.

 

The keyring is defined as follows in pagent_TTLS.confg:

 

TTLSKeyringParms                  groupSAFKeyringTST1
 Keyring                         TCP/KeyringTST1



The keyring is defined as follows in Top Secret:

 

 KEYRING =  RingTST1         ACCESSORID = TCP

KEYRING LABEL = RingTST1

 

The messages received trying to establish TLS connection through PAGENT are:

 

000059E7  RC:  202 Call GSK_ENVIRONMENT_INIT - 00000053B8728220
00000000  RC:  202 Environment Master Init 0000000000000000
00000000 LOCAL: **N/A** REMOTE: **N/A** JOBNAME: **N/A** USERID: FTP  RULE: **N/A**  RC:  202 Environment Master Init 0000000000000000
00000000  RC:  202 Environment Link 0000000000000000 00000030
00000000 LOCAL: **N/A** REMOTE: **N/A** JOBNAME: **N/A** USERID: FTP  RULE: **N/A**  RC:  202 Environment Link 0000000000000000 00000030
000059E7 Initial Handshake ACTIONS: groupActionDiagnosticON groupServerKeyringSYST groupServerCipherFTPABCXY HS-Server
000059E7  RC: 5006 Initial Handshake 0000000000000000 0000000000000000 0000000000000000
000059E7 LOCAL: ip-address       REMOTE: ip-address         JOBNAME: FTPJOB USERID: FTP RULE: FTPABCXY  RC: 5006 Initial Handshake 0000000000000000 0000000000000000 0000000000000000
000059E6  RC:    0 Receive Reset
000059E6  RC:  406 Call GSK_SECURE_SOCKET_INIT - 00000053B872B290
000059E6  RC:  406 Initial Handshake 0000000000000000 00000053B87223F0 0000000000000000
000059E6 LOCAL: ip-address REMOTE: ip-address       JOBNAME: JOBNAME USERID: USER001 RULE: RULE           RC:  406 Initial Handshake 0000000000000000 00000053B87223F0 0000000000000000
000059E6  RC:    0 Connection Close 0000000000000000
000059E7  RC:    0 Connection Close 0000000000000000

Environment

Release : 16.0

Cause

The keyring name in pagent_TTLS.confg must match the keyring label name for the started task that uses SSL.

The keyring name is case-sensitive and must match exactly.

The complete certificate chain must be on the keyring, and each certificate must be defined correctly to the keyring.



In this case, the keyring label name and the keyring specification in the config file don't match.

 

The keyring label name is RingTST1

 

 KEYRING =  RingTST1         ACCESSORID = TCP
KEYRING LABEL = RingTST1

 

 

The keyring specification in the pagent_TTLS.confg file is KeyringTST1

 

TTLSKeyringParms                  groupSAFKeyringTST1
 Keyring                         TCP/KeyringTST1

Resolution

There are two options to solve this:

 

  1. Change the Keyring in the PAGENT config file (pagent_TTLS.confg) to TCP/RingTST1 to match the keyring label of the keyring.
  2. Or change the keyring label name to RingTST1 to match the Keyring defined in the PAGENT config file (pagent_TTLS.confg), which is KeyringTST1.
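
The mismatch described under Cause can be caught before a handshake fails with RC 406 by comparing the two definitions as text. The following is an added example, not code from this article or from the product; the function names are hypothetical, and it assumes the Keyring statement uses the owner/ring form and that the Top Secret listing is laid out as shown above.

```python
import re

# Constructed samples that copy the two definitions shown in this article.
SAMPLE_CONF = """\
TTLSKeyringParms                  groupSAFKeyringTST1
 Keyring                         TCP/KeyringTST1
"""
SAMPLE_TSS = """\
 KEYRING =  RingTST1         ACCESSORID = TCP
KEYRING LABEL = RingTST1
"""

def conf_keyrings(text):
    """Return (owner, ring) for each Keyring statement (owner/ring form assumed)."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*Keyring\s+(\S+)", line, re.IGNORECASE)
        if m:
            owner, _, ring = m.group(1).rpartition("/")
            found.append((owner, ring))
    return found

def tss_keyrings(text):
    """Return (accessorid, label) pairs from a listing laid out as in the article."""
    pairs, owner = [], None
    for line in text.splitlines():
        m = re.search(r"ACCESSORID\s*=\s*(\S+)", line)
        if m:
            owner = m.group(1)
        m = re.match(r"\s*KEYRING LABEL\s*=\s*(.+?)\s*$", line)
        if m and owner:
            pairs.append((owner, m.group(1)))
    return pairs

def check(conf_text, tss_text):
    """Compare names exactly; report case-only differences separately."""
    defined = tss_keyrings(tss_text)
    findings = []
    for owner, ring in conf_keyrings(conf_text):
        if (owner, ring) in defined:
            status = "match"
        elif any(o == owner and l.lower() == ring.lower() for o, l in defined):
            status = "case-mismatch"
        else:
            status = "not-found"
        findings.append((f"{owner}/{ring}", status))
    return findings

if __name__ == "__main__":
    for name, status in check(SAMPLE_CONF, SAMPLE_TSS):
        print(f"{name}: {status}")
```

A "case-mismatch" result is separated from "not-found" because the keyring name is case-sensitive and a difference in case alone is easy to miss when reading the two definitions side by side.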