RC: 541 while testing SYSVAPPS using AT-TLS
search cancel

RC: 541 while testing SYSVAPPS using AT-TLS

book

Article ID: 262232

calendar_today

Updated On:

Products

SYSVIEW Performance Management

Issue/Introduction

Customer configured AT-TLS with only server and it worked.  But when they configured for serverwithclientauth they had the following errors in the SYSLOG:

 
EZD1287I TTLS Error RC:  541 Initial Handshake 837    
              
  LOCAL: aaa.bbb.ccc.dd..10553           ===> IP masked from the original                                       
  REMOTE: aa.bbb.c.dd..56414              ===> IP masked from the original
  JOBNAME: SYSVAPPS RULE: SYSVAPPS                                   
  USERID: SYSVIEW GRPID: 00000138 ENVID: 00003FE9 CONNID: 02A75442
  
EZD1287I TTLS Error RC:  541 Initial Handshake 838                   

  LOCAL: aaa.bbb.ccc.dd..10553           ===> IP masked from the original                                       
  REMOTE: aa.bbb.c.dd..56415              ===> IP masked from the original                                   
  JOBNAME: SYSVAPPS RULE: SYSVAPPS                                   
  USERID: SYSVIEW GRPID: 00000138 ENVID: 00003FE9 CONNID: 02A75444 

Cause

-

Resolution

From IBM's Function Return Codes  :

 
541

Remote partner indicates sent certificate is not valid.
 
 
Update the RACF name filtering in order to map the certificate to the RACF user.    
 
 

Additional Information

For IBM info on certificate name filtering, see:  IBM's Function Return Codes.