Connect:Direct Secure Plus Troubleshooting

Use the following table to help troubleshoot problems with Connect:Direct® Secure Plus:

Problem Possible Cause Solution
Connect:Direct Secure Plus features are enabled in the Secure+ parameters file, but the statistics record indicates that these functions are disabled. The Connect:Direct network maps do not contain entries for the PNODE and SNODE. Verify that the network map entries for both the PNODE and the SNODE exist.
Running a Process with a remote node fails with an authentication error. Unique public/private key pairs are generated for the remote node record and the .Local node record is set to Enable Override=N. Change the .Local node record to Enable Override=Y.
The ENCRYPT.DATA parameter, specified from the COPY statement causes the copy step to fail with error message CSPA080E. The algorithm name used in the COPY statement is not in the supported algorithm list for both nodes. Verify that the algorithm name in the COPY statement is in the supported algorithm list for both nodes.
Connect:Direct Secure Plus is installed, but error message CSPA001E occurs on transfers not using Connect:Direct Secure Plus. Remote node records do not exist.
  • A remote node record must exist for every node in the netmap. Use the Sync with Netmap feature to create any missing nodes.
  • Disable Connect:Direct Secure Plus by clicking Disable Secure+ in the .Local node record.
Signature verification fails with error message CSPA002E. Configuration settings missing or incorrect.
  • If this is a non-Secure node, make sure the remote node record has Disable Connect:Direct Secure Plus selected.
  • Check the Connect:Direct Secure Plus settings for the node.
Signature verification fails with error message CSPA003E, CSPA004E, or CSPA005E.
  • Configuration settings missing or incorrect.
  • A security attack in progress.
  • Execute standard operating procedure for investigating security violation.
Signature verification fails with error message CSPA007E. Expired Signature Previous Key Pair. Date exceeded or keys have been changed. If Auto Update is disabled, check the expiration date for the signature key pair for both nodes. Check the update history log on both nodes for the last change to the record. Verify that the signature public key is correct for both nodes.
Running a Process with a remote node fails with an authentication error, CSPA008E. Authentication Previous Key Pair Expiration Date exceeded or keys have been changed. If Auto Update is disabled, check the authentication previous key pair expiration date for both nodes. Check the update history log on both nodes for the last change to the record. Verify the authentication public key is correct for both nodes.
Strong authentication fails with the error, CSPA010E.
  • The time allowed for strong authentication expired.
  • A security attack in progress.
  • Increase the timeout value.
  • Execute standard operating procedure for investigating security violation.
Connect:Direct Secure Plus session fails with the error, CSPA011E. An illegal attempt to override Connect:Direct Secure Plus parameters.
  • Turn on Enable Override in the remote node record to allow the COPY statement to override the node settings.
  • Check the COPY statement and remove the override statements.
Connect:Direct Secure Plus session fails with the error, CSPA014E. Connect:Direct Secure Plus cannot read the remote node definition. Check the remote node definition settings.
Connect:Direct Secure Plus session fails with the error, CSPA016E. Connect:Direct Secure Plus is not enabled in the local node definition. Make sure Connect:Direct Secure Plus is enabled for the local node.
Connect:Direct Secure Plus session fails with the error, CSPA019E. Error generating digital signature.
  • Resubmit the Process.
  • Call IBM® Customer Support.
Connect:Direct Secure Plus session fails with the error, CSPA077E. The COPY statement requested Connect:Direct Secure Plus parameters but Connect:Direct Secure Plus is not configured. Remove the SECURE= parameter from the COPY statement.
Connect:Direct Secure Plus session fails with the error, CSPA079E. Invalid encryption algorithm identified in COPY statement. Change the ENC.DATA parameter and specify one of the following values: Y, N, IDEACBC128, TDESCBC112, or DESCBC56 and resubmit the Process.
Connect:Direct Secure Plus session fails with the error, CSPA080E. No common algorithms are available for both nodes. Verify the algorithm list for both nodes contains at least one common algorithm name.
Connect:Direct Secure Plus session fails with the error, CSPA091E. Session attempted but remote node is not configured. Make sure both nodes are defined.
Connect:Direct Secure Plus session fails with the error, CSPA200E. Both nodes are not configured for the same protocol. Check the protocol setting at both sites and verify that the same protocol is configured at each site.
Connect:Direct Secure Plus session fails with the error, CSPA202E. SSL or TLS protocol handshake failed. Edit the cipher suite list and add a cipher suite used by the trading partner.
Connect:Direct Secure Plus session fails with the error, CSPA203E or CSPA204E. The SSL or TLS protocol could not validate the server's certificate. Make sure the certificate information is typed into the node record.
Connect:Direct Secure Plus session fails with the error, CSPA205E. A trading partner is not using TCP/IP for communication. Make sure that both ends of the communication use TCP/IP.
Connect:Direct Secure Plus session fails with the error, CSPA206E. The SSL or TLS protocol could not validate the server's certificate. Make sure the certificate information is entered into the node record.
Connect:Direct Secure Plus session fails with the error, CSPA208E. The common name in the certificate received does not match the Connect:Direct Secure Plus configuration. Make sure the certificate common name is spelled correctly and uses the same case as that in the certificate.
Connect:Direct Secure Plus session fails with the error, CSPA209E. The certificate has expired or is invalid. Obtain a new certificate and reconfigure the node record.
Connect:Direct Secure Plus session fails with the error, CSPA210E. The COPY statement attempts to override settings in the SSL or TLS protocol.
  • The system continues to operate.
  • If desired, change the Process statement and remove the COPY override options.
Connect:Direct Secure Plus session fails with the error, CSPA211E. The remote trading partner failed to send a certificate. Notify the trading partner that a certificate is required.
Connect:Direct Secure Plus session fails with the error, CSPA280E. The trusted root certificate could not be loaded. Check the local node configuration and make sure the location of the trusted root certificate is correctly identified.
Connect:Direct Secure Plus session fails with the error, CSPA281E. The trusted root certificate is empty. Check the local node configuration and make sure the location of the trusted root certificate is correctly identified.
Connect:Direct Secure Plus session fails with the error, CSPA282E. The user certificate file cannot be loaded. Check the local node configuration and make sure the location of the user certificate file is correctly identified.
Connect:Direct Secure Plus session fails with the error, CSPA303E. The Secure+ parameters files have not been initialized. Run the Secure+ Admin Tool to initialize the Secure+ parameters files.
Connect:Direct Secure Plus session fails with the error, CSPA309E. The SSL library failed during the handshake. Examine all related errors to determine the cause of the failure.
Connect:Direct Secure Plus session fails with the error, CSPA311E. Certificate validation failed. Verify that the root certificate is properly configured. An alternate certificate may be required.