Cross-posted between RACF-L and IBM-MAIN. Ok, I am, or rather my CICS/WebSphere colleague is, in PMR land...
I've gotten many suggestions and hints on-list and off-list. Many thanks to all. Much appreciated. Some of the hints I tried out: - Used OpenSSL to test out ip address and port (openssl s_client -connect <....>:3103) - Certs looking right despite being self-signed, but there are doubts about same cipher suite used by both CICS and WebSphere. - I was asked to look at MSGUSR which yielded few info besides TCPIPSERVICE definitions and CipherSuite used. - I was suggested to make a cert 'default' in the keyrings. I did that. - Checked the access to the certs/keyrings for both WebSphere and CICS. All is looking good. No access problems were found. - GSK traces turned out empty. This is not the first time I used GSK trace, but in this case the GSK traces are empty for both the CICS and WebSphere. - We were asked to look for DFHWB0363 message when we get HTTP 403 message. Nothing. So, it looks no handshake is taking place at all or setup is wrong or something like that. Or we missed something horribly... IBM suggested that dumps were to be generated and that we send them the RACDCERT results to them. I will for now stay offlist until we get something... Thanks again to all! Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
