ESM Micros Services SSL connection fails with the following errors:
ESM log:
21:15:01.800 [main] DEBUG com.ca.esm.services.ZosCertificateService - ZosCertificateService.init - begin loading certificates ...
21:15:01.803 [main] DEBUG com.ca.esm.services.ZosCertificateService - getKeyStore() - Key Store URL: safkeyring://AUTMSTC/ESMRING
21:15:02.771 [main] ERROR com.ca.esm.services.ZosCertificateService - getKeyStore() - Exception loading our keystore: java.io.IOExce
ption: The private key of CERTA is not available or no authority to access the private key
21:15:02.772 [main] DEBUG com.ca.esm.services.ZosCertificateService - loadServerKeyPair() - Key Alias: CERTA
21:15:02.772 [main] ERROR com.ca.esm.services.ZosCertificateService - Server Certificate Error. Unable to retrieve the Certificate.
Check your Configuration
21:15:02.772 [main] ERROR com.ca.esm.services.ZosCertificateService - Server certificate is not available while Running in Secure mo
de!
TSS LIST(CERTSITE) DIGICERT(digicertname) of the client certificate shows missing PRIVATE KEYSIZE which confirms there is no private key. A version of the client certificate with the private key needs to be added to the security file.
EXPORT a copy of the certificate in PKCS12 format, so the private key will be included.
Top Secret:
TSS EXPORT(acid) DIGICERT(digicertname) DCDSN(datasetname) FORMAT(PKCS12DER) PKCSPASS(password)
ACF2:
EXPORT{logonid|logonid.suffix}
DSname(data-set-name)
[LABEL(label)
[FORMAT(CERTDER|CERTB64\PKCS12DER|PKCS12B64|PKCS7DER|PKCS7B64)]
[PASSWORD(password)
RACF:
RACDCERT EXPORT(LABEL('label-name'))
[ ID(certificate-owner) | SITE | CERTAUTH ]
DSN(output-data-set-name)
[ FORMAT(
CERTDER
| CERTB64
| PKCS7DER
| PKCS7B64
| PKCS12DER
| PKCS12B64
) ]
[ PASSWORD('pkcs12-password') ]