Thanks @Colin and @Selva. That was it. I kind of knew this. I have been working a lot on certificate reporting and I kind of compartmentalized this restriction as "if you are reporting on certificates you will have this access issue."
Of course it affects server access too. I did make the mistake of thinking the relevant userid was TCPIP's or PAGENT's. No, of course, it's the userid of the actual private key "consuming" application (such as a Web server).

Thanks again.

Charles

On Thu, 22 May 2025 19:38:57 +0100, Colin Paice <colinpai...@gmail.com> wrote:

>The server userid needs access to the keyring. If the private key belongs
>to the server's userid, then the server's userid needs read access to the
>keyring. If the private key belongs to a different userid, the server's
>userid needs update access to the keyring. See here
><https://www.ibm.com/docs/en/zos/3.1.0?topic=library-usage-notes> for more
>information.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN