ESM Micro Services SSL setup fails with no private key available message.


Article ID: 261178


Products

Top Secret

Issue/Introduction

ESM Micro Services SSL connection fails with the following errors:

ESM log:

 21:15:01.800 [main] DEBUG com.ca.esm.services.ZosCertificateService - ZosCertificateService.init - begin loading certificates ...
 21:15:01.803 [main] DEBUG com.ca.esm.services.ZosCertificateService - getKeyStore() - Key Store URL: safkeyring://AUTMSTC/ESMRING
 21:15:02.771 [main] ERROR com.ca.esm.services.ZosCertificateService - getKeyStore() - Exception loading our keystore: java.io.IOExce
 ption: The private key of CERTA is not available or no authority to access the private key

 21:15:02.772 [main] DEBUG com.ca.esm.services.ZosCertificateService - loadServerKeyPair() - Key Alias: CERTA
 21:15:02.772 [main] ERROR com.ca.esm.services.ZosCertificateService - Server Certificate Error. Unable to retrieve the Certificate.
  Check your Configuration
 21:15:02.772 [main] ERROR com.ca.esm.services.ZosCertificateService - Server certificate is not available while Running in Secure mo
 de!
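
An added example, not part of the original article or of the ESM product: a Python triage script that rejoins the fixed-width wrapped lines seen in the excerpt above (which splits "IOException" and "mode!" mid-word) and reports the key alias and SAF keyring the private-key error refers to. The regular expressions and function names are assumptions based only on this excerpt.

```python
import re

# Constructed sample: lines copied from the log excerpt above, keeping the
# fixed-width wrap that splits "IOException" and "mode!" across two lines.
SAMPLE_LOG = (
    " 21:15:01.803 [main] DEBUG com.ca.esm.services.ZosCertificateService - getKeyStore() - Key Store URL: safkeyring://AUTMSTC/ESMRING\n"
    " 21:15:02.771 [main] ERROR com.ca.esm.services.ZosCertificateService - getKeyStore() - Exception loading our keystore: java.io.IOExce\n"
    " ption: The private key of CERTA is not available or no authority to access the private key\n"
    " 21:15:02.772 [main] ERROR com.ca.esm.services.ZosCertificateService - Server certificate is not available while Running in Secure mo\n"
    " de!\n"
)

# Patterns assumed from the excerpt: timestamped record start, keyring URL, key error.
ENTRY_START = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{3}) \[")
KEYRING = re.compile(r"Key Store URL: safkeyring://([^/\s]+)/(\S+)")
NO_KEY = re.compile(r"The private key of (\S+) is not available or no authority")


def unwrap(text):
    """Rejoin wrapped records: a line with no leading timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if ENTRY_START.match(line) or not records:
            records.append(line.lstrip())
        else:
            # Drop only the one indent column so "IOExce" + "ption" rejoin exactly.
            records[-1] += line[1:] if line.startswith(" ") else line
    return records


def find_missing_private_keys(text):
    """One finding per private-key error, tagged with the keyring loaded before it."""
    findings, owner, ring = [], None, None
    for record in unwrap(text):
        m = KEYRING.search(record)
        if m:
            owner, ring = m.group(1), m.group(2)
        m = NO_KEY.search(record)
        if m:
            ts = ENTRY_START.match(record)
            findings.append({"time": ts.group(1) if ts else None,
                             "alias": m.group(1), "owner": owner, "ring": ring})
    return findings


if __name__ == "__main__":
    for f in find_missing_private_keys(SAMPLE_LOG):
        print(f"{f['time']} keyring {f['owner']}/{f['ring']}: no usable private key for alias {f['alias']}")
```

Each finding names the certificate alias and keyring to inspect with the list command given under Resolution.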

 

Environment

Release : 16.0

Resolution

The TSS LIST(CERTSITE) DIGICERT(digicertname) output for the client certificate is missing PRIVATE KEYSIZE, which confirms that there is no private key.

A version of the client certificate with the private key needs to be added to the security file.

EXPORT a copy of the certificate in PKCS12 format, so the private key will be included.

Top Secret: 

TSS EXPORT(acid) DIGICERT(digicertname) DCDSN(datasetname) FORMAT(PKCS12DER) PKCSPASS(password)

ACF2:

EXPORT {logonid|logonid.suffix}
  DSname(data-set-name)
  [LABEL(label)]
  [FORMAT(CERTDER|CERTB64|PKCS12DER|PKCS12B64|PKCS7DER|PKCS7B64)]
  [PASSWORD(password)]

RACF:

RACDCERT EXPORT(LABEL('label-name'))
  [ ID(certificate-owner) | SITE | CERTAUTH ]
  DSN(output-data-set-name)
  [ FORMAT(CERTDER | CERTB64 | PKCS7DER | PKCS7B64 | PKCS12DER | PKCS12B64) ]
  [ PASSWORD('pkcs12-password') ]