Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
![]() EZD1914I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1914I Remote security endpoint at remote_ip port remote_port sent
a signing certificate with encoding encoding that
is not allowed ExplanationAn IKE version 2.0 Security Association (SA) activation attempt failed because the remote security endpoint sent a signing certificate that contained encoding that is not allowed by locally defined IPSec policy. The signing certificate appears in the first certificate payload. In the message text:
System actionThe IKE SA negotiation fails; IKE daemon processing continues. Operator responseNone. System programmer responseNotify the administrator of the remote security endpoint that it must not send certificate payloads that contain the disallowed encoding. Alternatively, the administrator of the z/OS® security endpoint can change local IPSec policy to allow such certificate payload encodings. See the information about Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for information about the CertificateURLLookupPreference keyword of the KeyExchangePolicy or KeyExchangeAction statement. User responseNot applicable. Problem determinationNone. Sourcez/OS Communications Server TCP/IP: IKE daemon ModuleIKEv2AuthRequest.cpp, IKEv2AuthResponse.cpp Routing code11 Descriptor code7 AutomationThis message is output to syslog. Example
![]() ![]() ![]() |
![]() |