Troubleshooting
Problem
You are setting up CICS Transaction Server for z/OS (CICS TS) to use WS-Security. There are no messages issued but you find an exception trace entry that states: Web Service (requester) soapFault - wsse:InternalError, failure using WSSE (CSNDDSG rc=8 rs=2040).
Symptom
There are no errors logged but WS-Security does not work. You see a failure in the auxillary trace issued from DFHWSSE from the ICSF module, CSNDDSG. This is similar to APAR PM42688.
Diagnosing The Problem
You capture an auxillary trace and see trace entries:
PI 1204 WSSE EVENT - DATA DATA(ZosCryptoKeyRSA::signSHA1PKCSBase64Signature - CSNDDSG return code: = 8)
PI 1204 WSSE EVENT - DATA DATA(ZosCryptoKeyRSA::signSHA1PKCSBase64Signature - CSNDDSG reason code: = 2040)
Resolving The Problem
If certificates are being used with WS-Security (for example signing or encryption) then the certificate MUST have a public key and the key must be managed by ICSF/PCICC. The key type must of of type 2 or 3.
The certificate should be owned by the CICS region userid (unless you follow the instructions added by PK83316 that are also in section Configuring RACF for Web Services Security in the CICS information center).
You may also need to consider Size Considerations for Private and Public Keys.
Product Synonym
CICS/TS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21572408