View previous topic :: View next topic
|
Author |
Message |
vasanthz
Global Moderator
Joined: 28 Aug 2007 Posts: 1742 Location: Tirupur, India
|
|
|
|
Hi,
I am trying to import a encryption certificate using gskkyman utility in OMVS
From this menu,
Code: |
Key Management Menu
Database: /u/wells/key.kdb
Expiration: None
1 - Manage keys and certificates
2 - Manage certificates
3 - Manage certificate requests
4 - Create new certificate request
5 - Receive requested certificate or a renewal certificate
6 - Create a self-signed certificate
7 - Import a certificate
8 - Import a certificate and a private key
9 - Show the default key
10 - Store database password
11 - Show database record length |
Selected option 4 - Create new certificate request
It generated a certificate request file.
Used the certificate request file and obtained a signed certificate.
When I try to import the signed certificate using option 5 - Receive requested certificate or a renewal certificate, I get the below error
Code: |
Key Management Menu
Database: /u/wells/key.kdb
Expiration: None
1 - Manage keys and certificates
2 - Manage certificates
3 - Manage certificate requests
4 - Create new certificate request
5 - Receive requested certificate or a renewal certificate
6 - Create a self-signed certificate
7 - Import a certificate
8 - Import a certificate and a private key
9 - Show the default key
10 - Store database password
11 - Show database record length
0 - Exit program
Enter option number (press ENTER to return to previous menu): 5
Enter certificate file name (press ENTER to return to menu): paccert.arm
Unable to import certificate.
Status 0x03353024 - Issuer certificate not found. |
QuickRef has the below information
Code: |
03353024 Issuer certificate not found.
Explanation: An issuer certificate is not found while
validating a certificate. This error can occur if the issuer
certificate required for a new certificate is not in the key
database or if the required issuer certificate is not
trusted or has expired.
User response: Ensure that the key database
contains the required issuer certificate and that the
certificate is marked as trusted. Refer to ?Database
Menu? on page 375 for information on displaying the
contents of an external certificate file in order to verify
which issuer certificate is required. Contact your service
representative if the error persists.
|
Could you please let me know how to create a issuer certificate?
I will be eternally grateful if someone points towards a solution
Regards,
Vasanth.S |
|
Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007 Posts: 1742 Location: Tirupur, India
|
|
|
|
Lucky day today
Quote: |
Status 0x03353024 - Issuer certificate not found. |
I believe that this error means that the certificate being imported does not contain the whole certificate authority chain.
Quote: |
If the CA certificate that is being imported was signed by another CA certificate, the complete chain must be present in the key database file or z/OSĀ® PKCS #11 token before the import. |
I imported the whole certificate chain and it worked (Serendipity) |
|
Back to top |
|
|
|