ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

I am setting up a FTPD Server certificate for secure FTP connection between 2 mainframes and I am getting 'Unable to get default key label' error, what causes this?

book

Article ID: 39437

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

Question:  

I am setting up a FTPD Server certificate for secure FTP connection between 2 mainframes
and I am getting 'ERROR edit_ciphers(): Unable to get default key label: Error 0x0335300e',
what causes this?

 

Answer: 

If the Server Personal certificate does not have the TRUST status the certificate

will not be returned when the server intializes and issue R_datalib calls to

retrieve all of the certificates CONNECTed to the Keyring. If the Server certificate

is not returned the 'Unable to get default key label' error can occur.

 

To check if a certificate has the TRUST attribute the TSO, ACF, CHKCERT command

can be used to display  certificate information including the TRUST|NOTRUST

status.

 

The CHKCERT subcommand can be issued in any mode of the ACF command. It has the following syntax:

 

CHKcert {logonid Label(label) |logonid.suffix | DSname(data-set-name)}

 

Additional Information:

 

Details on the CHKCERT command can be found in the CA ACF2 for z/OS Administration Guide,

Chapter 26: Digital Certificate Support, section 'Processing Digital Certifications with CA ACF2'. 

Environment

Release:
Component: ACF2MS