CWPKI0033E Initializing IZUSVR1 With Top Secret

book

Article ID: 14309

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

When trying to initialize IZUSVR1, the following errors occurred: 

- CWPKI0033E: The keystore located at safkeyringhybrid:///IZUKeyring.I ZUDFLT did not load because of the following error: Errors encountered loading keyring. Keyring could not be loaded as a JCECCARACFKS or JCERACFKS keystore.

- 08-97 security violation in Top Secret for an IBMFAC resource of IRR.DIGTCERT.

What is needed to resolve this?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

The 08-97 violation indicates the ACID has the wrong access level to the resource. To authorize the user to use digital certificates, the ACID needs CONTROL access to IBMFAC(IRR.DIGTCERT). Issue TSS LIST(acid) DATA(XAUTH,PROFILE) RESCLASS(IBMFAC) and find the permit for IBMFAC(IRR.DIGTCERT) that does not include CONTROL access. Note the current access levels for this resource. Revoke this permit and re-permit so the access includes CONTROL:

TSS REVOKE(acid) IBMFAC(IRR.DIGTCERT)

TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT) ACC(CONTROL,acc1,acc2)

where 'acc1,acc2' are the access level(s) on the original permit that did not include CONTROL access.