Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1387I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1387I Certificate ( label ) contains a key that
is too short for FIPS 140 mode. Certificate unavailable for the IPSec
discipline ExplanationThe Network Security Services (NSS) server is configured to run in a mode that supports Federal Information Processing Standard 140 (FIPS 140). The NSS server detected that a certificate with the specified label contains an RSA key that is not allowed in FIPS 140 mode. The certificate will not be available for the NSS IPSec certificate service. See the information about FIPS 140 and IP security in z/OS Communications Server: IP Configuration Guide. In the message text:
System actionNSS server processing continues. Operator responseNone. System programmer responseIf FIPS 140 support is required and the certificate is required for the IPSec discipline, rekey the certificate with an RSA key that has a key size of 1024 bits or greater. If using IKEv2 you can rekey the certificate using an ECDSA key of any length instead of an RSA key. If FIPS 140 support is not required for the NSS server, stop the server, configure FIPS140 No in the NSS server configuration file, and restart the server. User responseNot applicable. Problem determinationNone. Sourcez/OS® Communications Server TCP/IP: Network Security Server ModuleCertRepository.cpp Routing codeNot applicable. Descriptor codeNot applicable. AutomationNot applicable. Example
|
Copyright IBM Corporation 1990, 2014
|