z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1387I
Certificate ( label ) contains a key that is too short for FIPS 140 mode. Certificate unavailable for the IPSec discipline

Explanation

The Network Security Services (NSS) server is configured to run in a mode that supports Federal Information Processing Standard 140 (FIPS 140). The NSS server detected that a certificate with the specified label contains an RSA key that is not allowed in FIPS 140 mode. The certificate will not be available for the NSS IPSec certificate service. See the information about FIPS 140 and IP security in z/OS Communications Server: IP Configuration Guide.

In the message text:
label
The label of the certificate.

System action

NSS server processing continues.

Operator response

None.

System programmer response

If FIPS 140 support is required and the certificate is required for the IPSec discipline, rekey the certificate with an RSA key that has a key size of 1024 bits or greater. If you are using IKEv2, you can rekey the certificate using an ECDSA key of any length instead of an RSA key. If FIPS 140 support is not required for the NSS server, stop the server, configure FIPS140 No in the NSS server configuration file, and restart the server.

User response

Not applicable.

Problem determination

None.

Source

z/OS® Communications Server TCP/IP: Network Security Server

Module

CertRepository.cpp

Routing code

Not applicable.

Descriptor code

Not applicable.

Automation

Not applicable.

Example

EZD1387I Certificate ( Certificate512 ) contains a key that is too short for  FIPS 140 mode. Certificate 
         unavailable for the IPSec discipline
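
An added example, not part of the IBM documentation: a Python script that collects the certificate labels named in EZD1387I from saved NSS server log output, so that each one can be rekeyed. It rejoins messages that wrap onto an indented continuation line, as in the Example above. The sample log lines, the label "Branch Office (old)" and the function names are constructed for illustration.

```python
import re

# A continuation line starts with whitespace, as in the Example on this page.
CONTINUATION = re.compile(r"^\s+\S")
# Word gaps are matched with \s+ because wrapping changes the spacing.
FLAGGED = re.compile(
    r"\bEZD1387I\s+Certificate\s+\(\s*(?P<label>.*?)\s*\)\s+contains\s+a\s+key\s+"
    r"that\s+is\s+too\s+short\s+for\s+FIPS\s+140\s+mode\."
)

def logical_messages(lines):
    """Rejoin wrapped messages into single-line records."""
    record = None
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        if record is not None and CONTINUATION.match(line):
            record += " " + line.strip()   # fold the wrapped part back in
        else:
            if record is not None:
                yield record
            record = line
    if record is not None:
        yield record

def flagged_labels(lines):
    """Return certificate labels named in EZD1387I, in first-seen order."""
    seen = []
    for record in logical_messages(lines):
        match = FLAGGED.search(record)
        if match and match.group("label") not in seen:
            seen.append(match.group("label"))
    return seen

# Constructed sample input: the first message is the Example from this page,
# the rest are made up to exercise wrapping, odd labels and duplicates.
SAMPLE_LOG = """\
EZD1387I Certificate ( Certificate512 ) contains a key that is too short for  FIPS 140 mode. Certificate
         unavailable for the IPSec discipline
constructed: an unrelated log record
EZD1387I Certificate ( Branch Office (old) ) contains a key that is too short
         for FIPS 140 mode. Certificate unavailable for the IPSec discipline
EZD1387I Certificate ( Certificate512 ) contains a key that is too short for FIPS 140 mode. Certificate unavailable for the IPSec discipline
"""

if __name__ == "__main__":
    for label in flagged_labels(SAMPLE_LOG.splitlines()):
        print("rekey required:", label)
```

A label that itself wraps across two lines is rejoined with a single space, so compare it against the key ring with that in mind.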





Copyright IBM Corporation 1990, 2014