When trying to initialize IZUSVR1, the following errors occurred:
- CWPKI0033E: The keystore located at safkeyringhybrid:///IZUKeyring.I ZUDFLT did not load because of the following error: Errors encountered loading keyring. Keyring could not be loaded as a JCECCARACFKS or JCERACFKS keystore.
- 08-97 security violation in CA Top Secret for an IBMFAC resource of IRR.DIGTCERT.
What is needed to resolve this?
Release: TOPSEC00200-15-Top Secret-Security
The 08-97 violation indicates the ACID has the wrong access level to the resource. To authorize the user to use digital certificates, the ACID needs CONTROL access to IBMFAC(IRR.DIGTCERT). Issue TSS LIST(acid) DATA(XAUTH,PROFILE) RESCLASS(IBMFAC) and find the permit for IBMFAC(IRR.DIGTCERT) that does not include CONTROL access. Note the current access levels for this resource. Revoke this permit and re-permit so the access includes CONTROL:
TSS REVOKE(acid) IBMFAC(IRR.DIGTCERT)
TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT) ACC(CONTROL,acc1,acc2)
where 'acc1,acc2' are the access level(s) on the original permit that did not include CONTROL access.