Keyring (and certs) must belong to the Web Server user.
El jue, 22 may 2025, 20:06, Charles Mills <charl...@mcn.org> escribió: > I am trying to configure AT-TLS to secure a Web server connection. I get > no errors on the PAGENT REFRESH. > > When the browser tries to connect the first error I get is EZD1287I TTLS > Error RC: 428 Initial Handshake > > EZD1287I 428 is documented as Connection Init The private key cannot be > obtained from the certificate. If the private key is stored in ICSF... (The > private key is not in ICSF.) > > A LISTCHN on the certificate shows > > Key Usage: HANDSHAKE > Key Type: RSA > Key Size: 2048 > Private Key: YES > > The keyring and the certificate are both owned by TCPIP, which is the > owner of PAGENT. > > Has anyone seen this? Can anyone explain why AT-TLS "cannot obtain the > private key from the certificate"? > > I am pretty confident that this is not a naming "oops" but of course > anything is possible. > > Thanks, > Charles > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
