I am setting up a FTPD Server certificate for secure FTP connection between 2 mainframes and I am getting 'Unable to get default key label' error, what causes this?

book

Article ID: 39437

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Question:  

I am setting up a FTPD Server certificate for secure FTP connection between 2 mainframes
and I am getting 'ERROR edit_ciphers(): Unable to get default key label: Error 0x0335300e',
what causes this?

 

Answer: 

If the Server Personal certificate does not have the TRUST status the certificate

will not be returned when the server intializes and issue R_datalib calls to

retrieve all of the certificates CONNECTed to the Keyring. If the Server certificate

is not returned the 'Unable to get default key label' error can occur.

 

To check if a certificate has the TRUST attribute the TSO, ACF, CHKCERT command

can be used to display  certificate information including the TRUST|NOTRUST

status.

 

The CHKCERT subcommand can be issued in any mode of the ACF command. It has the following syntax:

 

CHKcert {logonid Label(label) |logonid.suffix | DSname(data-set-name)}

 

Additional Information:

 

Details on the CHKCERT command can be found in the CA ACF2 for z/OS Administration Guide,

Chapter 26: Digital Certificate Support, section 'Processing Digital Certifications with CA ACF2'. 

Environment

Release:
Component: ACF2MS