The Internet Key Exchange (IKE) daemon encountered a certificate payload or a certificate request in a message, but the server is not configured to support certificates.
Additional diagnostic messages that have the same message instance number will be issued to identify the impacted Security Association (SA). The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.
The certificate cannot be used and the negotiation will probably fail; the IKE daemon continues.
If you want RSA signature authentication, verify that the Key ring name setting is correct. Otherwise, ensure that the remote security endpoint administrator uses the shared key method of authentication.
When configured without the IBM® Configuration Assistant for z/OS® Communications Server, the Key ring database setting is specified on the IkeConfig statement with the KeyRing parameter. See the information about the IKE daemon in z/OS Communications Server: IP Configuration Reference for more information about the IkeConfig statement.
When configured with the IBM Configuration Assistant for z/OS Communications Server, the Key ring database name is configured on the IPSec: IKE Daemon Settings panel. See the online helps in the GUI for additional information.
None.
oakley_kep.cpp
None.