IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

How to create issuer certificate? :'(


IBM Mainframe Forums -> All Other Mainframe Topics
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1689
Location: Tiruppur, India

PostPosted: Sat Nov 18, 2017 5:14 am
Reply with quote

Hi,

I am trying to import a encryption certificate using gskkyman utility in OMVS
From this menu,
Code:
    Key Management Menu                                   
                                                           
     Database: /u/wells/key.kdb                           
     Expiration: None                                       
                                                           
 1 - Manage keys and certificates                           
 2 - Manage certificates                                   
 3 - Manage certificate requests                           
 4 - Create new certificate request                         
 5 - Receive requested certificate or a renewal certificate
 6 - Create a self-signed certificate                       
 7 - Import a certificate                                   
 8 - Import a certificate and a private key                 
 9 - Show the default key                                   
10 - Store database password                               
11 - Show database record length   

Selected option 4 - Create new certificate request
It generated a certificate request file.

Used the certificate request file and obtained a signed certificate.
When I try to import the signed certificate using option 5 - Receive requested certificate or a renewal certificate, I get the below error

Code:
       Key Management Menu                                             
                                                                       
       Database: /u/wells/key.kdb                                     
       Expiration: None                                                 
                                                                       
   1 - Manage keys and certificates                                     
   2 - Manage certificates                                             
   3 - Manage certificate requests                                     
   4 - Create new certificate request                                   
   5 - Receive requested certificate or a renewal certificate           
   6 - Create a self-signed certificate                                 
   7 - Import a certificate                                             
   8 - Import a certificate and a private key                           
   9 - Show the default key                                             
  10 - Store database password                                         
  11 - Show database record length                                     
                                                                       
   0 - Exit program                                                     
                                                                       
Enter option number (press ENTER to return to previous menu): 5         
                                                                       
Enter certificate file name (press ENTER to return to menu): paccert.arm
                                                                       
Unable to import certificate.                                           
Status 0x03353024 - Issuer certificate not found.                       


QuickRef has the below information
Code:
03353024 Issuer certificate not found.
Explanation: An issuer certificate is not found while
validating a certificate. This error can occur if the issuer
certificate required for a new certificate is not in the key
database or if the required issuer certificate is not
trusted or has expired.
User response: Ensure that the key database
contains the required issuer certificate and that the
certificate is marked as trusted. Refer to ?Database
Menu? on page 375 for information on displaying the
contents of an external certificate file in order to verify
which issuer certificate is required. Contact your service
representative if the error persists.

Could you please let me know how to create a issuer certificate?

I will be eternally grateful if someone points towards a solution icon_biggrin.gif

Regards,
Vasanth.S
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1689
Location: Tiruppur, India

PostPosted: Tue Nov 21, 2017 5:11 am
Reply with quote

Lucky day today icon_biggrin.gif
Quote:
Status 0x03353024 - Issuer certificate not found.

I believe that this error means that the certificate being imported does not contain the whole certificate authority chain.
Quote:
If the CA certificate that is being imported was signed by another CA certificate, the complete chain must be present in the key database file or z/OSĀ® PKCS #11 token before the import.

I imported the whole certificate chain and it worked icon_biggrin.gif (Serendipity)
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> All Other Mainframe Topics

 


Similar Topics
Topic Forum Replies
No new posts To create an empty file COBOL Programming 5
No new posts Add the name in the PS file and creat... DFSORT/ICETOOL 9
No new posts How to create UUID using COBOL COBOL Programming 0
No new posts Create Header Dtae as MMDDYYYY DFSORT/ICETOOL 16
No new posts IFTHEN HIT=NEXT BUILR should create m... DFSORT/ICETOOL 5
Search our Forums:

Back to Top