DFHSO0128A applid Information to specify a bind to an LDAP server cannot be obtained from the PROXY segment of CRLPROFILE profile.

Explanation

The CRLPROFILE system initialization parameter has been specified, but the information required by CICS and System SSL to perform a bind to an LDAP server cannot be obtained from the profile that it identifies.

CICS has attempted to extract the following information from the PROXY segment of profile profile (the profile named in the message) in the LDAPBIND class of the external security manager's database:

LDAPHOST

The Uniform Resource Locator (URL) of an LDAP server that contains certificate revocation information

BINDDN

The LDAP distinguished name of a user who is authorized to access certificate revocation lists in the specified LDAP server

BINDPW

The password used to authenticate the user specified by BINDDN.

Either the specified profile does not exist, or CICS does not have authority to access the profile, or one or more of the required components are missing from the profile.

System action

The CICS SSL function cannot retrieve certificate revocation lists to determine whether certificates have been revoked. To prevent further error messages, the CRLPROFILE function has been disabled. Therefore CICS will be unable to check whether SSL certificates are revoked.

User response

Ensure that profile profile (the profile named in the message) in the LDAPBIND class of the security manager is defined with a PROXY segment that contains all three required components. Also ensure that the CICS region userid has READ access to the profile, then restart CICS.
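The following commands are an added example, not part of the IBM message text, showing one way to carry out the user response if the external security manager is RACF. The profile name CRL.LDAP.BIND, the LDAP URL, the distinguished name, the region userid CICSRGN and the password are placeholders.

```tso
/* Added example, assuming the external security manager is RACF.     */
/* CRL.LDAP.BIND, ldap.example.com, the DN, CICSRGN and the password  */
/* are placeholders; substitute the values for your installation.     */

/* 1. Define the profile named by the CRLPROFILE system initialization */
/*    parameter, with all three PROXY components present.              */
RDEFINE LDAPBIND CRL.LDAP.BIND UACC(NONE) -
  PROXY(LDAPHOST(ldap://ldap.example.com:389) -
        BINDDN('cn=crlreader,o=example') -
        BINDPW(<bind-password>))

/* 2. Give the CICS region userid READ access to the profile.          */
PERMIT CRL.LDAP.BIND CLASS(LDAPBIND) ID(CICSRGN) ACCESS(READ)

/* 3. Verify: list the PROXY segment and the profile's access list.    */
RLIST LDAPBIND CRL.LDAP.BIND PROXY AUTHUSER
```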

Module

DFHSOSE

XMEOUT parameters/Message inserts

  1. applid
  2. profile

Destination

Console