Darn - I found that none of the CSFSERV statements had been run. I added all of those and I still get the same error.
Back to reviewing the configuration logs. On Wed, Sep 30, 2015 at 4:43 PM, Mark Pace <[email protected]> wrote: > Yes, SSH is setup. I used a PuTTY SSH session to run the configuration > tools for OSMF. I agree, I should review all the RACF requirements that > configuration created. > > By CA the configuration does this. > > > > > *Indicates whether (Y or N) the z/OSMF security setupshould include the > creation of a Certificate Authority(CA). The CA is used to sign server > certificates that areused for secure (SSL) communication between the > user’sweb browser and the z/OSMF server. Y is the default.* > > On Wed, Sep 30, 2015 at 4:17 PM, Staller, Allan <[email protected]> > wrote: > >> Has SSH already been set up? >> >> It is possible the specified encryption algorithm is not supported, >> CSFSERV/DIGTCERT/DIGTRING classes are not active, permissions to >> IRR.DIGTCERT.* resources in the facility class not defined/permitted. >> >> I am going through a setup of SSH and have hit all of the above issues in >> the last couple of weeks. >> There is a boatload of RACF work to be done to setup SSH and it all needs >> to be correct. Check your system logs for ICH messages related to ZOSMF. >> >> >> By CA, do you mean CA = "CERTIFICATE AUTHORITY" or CA= certificate >> >> *IF* CA = "CERTIFICATE AUTORITY" there is a whole chain of verifications >> that are performed ending (I would expect) at a commercial Certificate >> Authority such as VERISIGN. >> >> If CA= certificate ,you could try a self-signed certificate. >> >> HTH, >> >> >> <snip> >> Trying to start OSMF for the first time. It appeared that all the setup >> ran cleanly. >> >> The first task starts up. >> CWWKB0056I INITIALIZATION COMPLETE FOR ANGEL >> >> But the IZUSVR1 dies >> >> Launching zosmfServer (wlp-1.0.2.cl0220130714-1602/websphere-kernel_1.0.2) >> on IBM J9 VM, version pmz6470-20110827_01 (en_US) >> AUDIT ¨ CWWKE0001I: The server zosmfServer has been >> launched. >> >> AUDIT ¨ CWWKG0010I: The server zosmfServer is shutting down because of a >> previous initialization error. >> AUDIT ¨ CWWKE0036I: The server zosmfServer stopped after 2.443 >> seconds. >> ERROR ¨ CWWKG0047E: An error occurred while attempting to verify a >> configuration document: >> file:/SYSTEM/etc/zosmf/servers/zosmfServer/server.xml, Hardware error >> from call CSNDDSV returnCode 12 reasonCode 11060. >> >> FATAL ¨ CWWKG0044E: Server shutdown because a configuration document >> does >> not contain a valid signature: >> file:/SYSTEM/etc/zosmf/servers/zosmfServer/server.xml >> >> The documentation basically says something did work, fix it. During the >> configuration I replied that I wanted a CA to be created. Has anyone seen >> this error and point in the right direction? >> I also don't get this Hardware error. >> CWWKG0044E: Server shutdown because a configuration document does not >> contain a valid signature: {0}. *Explanation* The designated configuration >> document does not contain a valid signature, or a portion of the document >> that is protected by the signature has been modified. This message is >> preceded by an error message that provides more information on the specific >> error in the document. *Action* Correct the error in the configuration >> document that was identified in the preceding error message. >> CWWKG0047E: An error occurred while attempting to verify a configuration >> document: {0}, {1}. *Explanation* An exception was thrown while >> attempting to verify that the designated configuration document contains a >> valid signature. *Action* Correct the error in the configuration document >> that is causing the exception to be thrown and then retry starting the >> server. >> </snip> >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > > > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
