z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


467

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

467
Signature algorithm not in signature algorithm pairs list.

Explanation

A signature algorithm that is used to sign a local or peer certificate is not included in the signature algorithm pairs list. The server certificate chain must use signature algorithms included in the signature algorithm pairs that are presented by the client during the TLS handshake. The client certificate chain must use signature algorithms included in the signature algorithm pairs that are presented by the server during the TLS handshake.

User response

Ensure that the signatures of the local and peer certificates in the certificate chain use signature algorithms that are present in the signature algorithm pairs list that is presented by the session partner. If the certificate chain is correct, then configure the client or server or both to specify all necessary signature algorithms pairs in the environment variable GSK_TLS_SIG_ALG_PAIRS to allow use of the certificate chain. See Table 6 for a list of valid 4-character signature algorithm pair definitions.

Parent topic: SSL function return codes

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014