109 No certification authority certificates.

Explanation
The key database, SAF key ring, or z/OS PKCS #11 token does not contain any valid certification
authority certificates. The SSL run time needs at least one CA or self-signed certificate to perform
client authentication.

User response
Add the necessary certificates to the key database, SAF key ring, or z/OS PKCS #11 token and
ensure that existing certificates are valid, have not expired, and are marked as trusted
certificates. If using RACF key rings and the DIGTCERT and DIGTRING classes are RACLIST'ed, issue
the SETROPTS RACLIST (DIGTCERT, DIGTRING) REFRESH command to refresh the profiles to ensure that the
latest changes are available.