Debugging SSL Keyring Problems Requires SSL tool: GSKTRACE.


Article ID: 50055


Updated On:


CA Cleanup CA Datacom CA DATACOM - AD CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE



Debugging System SSL keyring problems will require the use of IBM's System SSL trace tool: gsktrace.

Information on the tool is located in Chapter 11, "Obtaining Diagnostic Information" in: IBM z/OS Cryptographic Services System Secure Sockets Layer Programming.


Procedures for setting up and reset a gsktrace.


  1. /bin/cd <LDAP-DIRECTORY> # Change directory to the LDAP installed directory

  2. ls -otrE slapd.env* # You should see slapd.env

  3. /bin/cp slapd.env slapd.env.gsk # This will copy the slapd.env to another file named slapd.env.gsk

  4. ls -otrE slapd.env* # You should see slapd.env.gsk and slapd.env

  5. /bin/echo "GSK_TRACE=0xffff" >> slapd.env # Make sure there's two >> characters. it will add variable to end of your sldap.env


Recycle your LDAP server and execute the transaction. (Pause and Start your LDAP server)


  1. /bin/cd /tmp # Change directory to /tmp

  2. /bin/ls -otr gskssl* # Look for the latest trace file, where the last displayed is the newest

  3. gsktrace input_trace_file > output_trace_file # Create readable trace file as in example above

  4. Ship the output_trace_file back for analysis.

NOTE: To clean up from the tests do the following on OMVS:

  1. /bin/cd <LDAP-DIRECTORY> # Change directory to the LDAP installed directory

  2. /bin/mv slapd.env.gsk slapd.env # Move the original slapd.env back into place.

  3. /bin/cd /tmp # Change directory to the /tmp directory

  4. /bin/rm gskssl* # Remove all GSK file


Component: AWAGNT