DFHSO0128A applid Information to specify a bind to an LDAP server cannot be obtained from the PROXY segment of CRLPROFILE profile.
Explanation
The CRLPROFILE system initialization parameter has been specified, but the information required by CICS and System SSL to perform a bind to an LDAP server cannot be obtained from the profile that it identifies.
CICS has attempted to extract the following information from the PROXY segment of the profile profile in the LDAPBIND class of the external security manager's database:
- LDAPHOST
  The Uniform Resource Locator (URL) of an LDAP server that contains certificate revocation information.
- BINDDN
  The LDAP distinguished name of a user who is authorized to access certificate revocation lists in the specified LDAP server.
- BINDPW
  The password used to authenticate the user specified by BINDDN.
Either the specified profile does not exist, or CICS does not have authority to access the profile, or one or more of the required components are missing from the profile.
System action
The CICS SSL function cannot retrieve certificate revocation lists to determine whether certificates have been revoked. To prevent further error messages, the CRLPROFILE function has been disabled. Therefore CICS will be unable to check whether SSL certificates are revoked.
User response
Ensure that the profile profile in the LDAPBIND class of the security manager is defined with a PROXY segment that contains all three required components. Also ensure that the CICS region userid has READ access to the profile, then restart CICS.
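The user response above, as an added example that is not part of the original message reference, assuming RACF is the external security manager. The profile name CICS.CRL.PROXY, the region userid CICSRGN, the LDAP URL, the bind DN and the password are constructed placeholders; the profile name must be the one that the CRLPROFILE system initialization parameter identifies.

```tso
/* Make sure the LDAPBIND class is active */
SETROPTS CLASSACT(LDAPBIND)

/* Define the profile with a PROXY segment holding all three   */
/* required components (placeholder values, replace each one)  */
RDEFINE LDAPBIND CICS.CRL.PROXY UACC(NONE) +
  PROXY(LDAPHOST(ldap://ldap.example.com:389) +
        BINDDN('cn=crlreader,o=example') +
        BINDPW('REPLACE-WITH-BIND-PASSWORD'))

/* Give only the CICS region userid READ access to the profile */
PERMIT CICS.CRL.PROXY CLASS(LDAPBIND) ID(CICSRGN) ACCESS(READ)

/* Verify: list the PROXY segment and confirm that LDAPHOST,   */
/* BINDDN and BINDPW are all present                           */
RLIST LDAPBIND CICS.CRL.PROXY PROXY NORACF

/* Verify: list the access list and confirm CICSRGN has READ   */
RLIST LDAPBIND CICS.CRL.PROXY AUTHUSER
```

Because CICS disables the CRLPROFILE function after issuing this message, revocation checking resumes only after the profile is corrected and CICS is restarted.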
Module
DFHSOSE
XMEOUT parameters/Message inserts
- applid
- profile
Destination
Console