EZD1035I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01
EZD1035I Certificate cannot be used for RSA signature mode of authentication

Explanation
IKE encountered a certificate that cannot be used for RSA signature mode of authentication; the IKE daemon currently supports only RSA signing for IKEv1. Additional diagnostic messages that have the same message instance number will be issued to identify the impacted Security Association (SA). The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

System action
The certificate cannot be used and the negotiation will fail if the certificate is an end-entity certificate; IKE daemon processing continues.

Operator response
Contact the system programmer.

System programmer response
Notify the administrator of the remote security endpoint about the error and ask the administrator to verify that the certificates sent to the IKE daemon for IKEv1 are using RSA signature mode. The administrator of the remote security endpoint should also verify that the key usage and the extended key usage extensions of the certificates that were sent support the creation and verification of digital signatures in an IKE flow. When the key usage extension is present, either the digital signature bit or the nonrepudiation bit must be set. When the key usage extension is present it must allow either any usage or usage with IKE.

Module
pki390.cpp

Procedure name
None.
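The checks in the system programmer response can be run on the remote endpoint against the text form of a certificate. The script below is an added example, not IBM code: `ext_value` and `check_ike_cert` are hypothetical names, the sample excerpts are constructed, and it assumes that RSA signature mode needs an RSA public key and that the "any usage or usage with IKE" rule refers to the extended key usage values anyExtendedKeyUsage and ipsecIKE.

```shell
# Print the value line that follows an extension header in
# `openssl x509 -noout -text` output, with leading blanks removed.
ext_value() {
    awk -v hdr="$1" 'found { sub(/^[ \t]+/, ""); print; exit }
                     index($0, hdr) { found = 1 }'
}

# Read certificate text on stdin, print findings, return 0 if usable.
check_ike_cert() {
    text=$(cat); rc=0
    # Assumption: RSA signature mode needs an RSA public key.
    if ! printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo "FAIL: public key is not RSA"; rc=1
    fi
    # Key usage, when present: digitalSignature or nonRepudiation must be set.
    ku=$(printf '%s\n' "$text" | ext_value 'X509v3 Key Usage:')
    case "$ku" in
        ''|*'Digital Signature'*|*'Non Repudiation'*) ;;
        *) echo "FAIL: key usage does not allow signing: $ku"; rc=1 ;;
    esac
    # Extended key usage, when present: any usage or IKE (assumed mapping).
    eku=$(printf '%s\n' "$text" | ext_value 'X509v3 Extended Key Usage:')
    case "$eku" in
        ''|*'Any Extended Key Usage'*|*'ipsec Internet Key Exchange'*|*1.3.6.1.5.5.7.3.17*) ;;
        *) echo "FAIL: extended key usage excludes IKE: $eku"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: usable for RSA signature mode"; fi
    return "$rc"
}

# Constructed excerpts of openssl text output (not real certificates).
SAMPLE_OK='            Public Key Algorithm: rsaEncryption
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                ipsec Internet Key Exchange'
SAMPLE_BAD_KU='            Public Key Algorithm: rsaEncryption
            X509v3 Key Usage: critical
                Key Encipherment, Data Encipherment'
SAMPLE_BAD_EKU='            Public Key Algorithm: rsaEncryption
            X509v3 Key Usage:
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication'

# With a real file: openssl x509 -in cert.pem -noout -text | check_ike_cert
for s in "$SAMPLE_OK" "$SAMPLE_BAD_KU" "$SAMPLE_BAD_EKU"; do
    printf '%s\n' "$s" | check_ike_cert || true
done
```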
Copyright IBM Corporation 1990, 2014