Explanation
The key database, PKCS #12 file, SAF key ring, or z/OS PKCS #11 token does not contain any
certificates, or the SSL client application does not have a certificate available when
authentication is requested by the server.
User response
Check for available certificates and add the user certificate and any necessary certification
authority certificates to the key database, SAF key ring, or z/OS PKCS #11 token if necessary.
If using a PKCS #12 file, ensure that the file contains the necessary certificates.
If using RACF key rings, certificates that are marked as not trusted in the RACF
database are not retrieved from the key ring. Ensure that the certificates needed to build the
certificate’s trust chain are available.
If using RACF key rings and the DIGTCERT and DIGTRING classes are RACLIST'ed, issue the SETROPTS
RACLIST (DIGTCERT, DIGTRING) REFRESH command to refresh the profiles to ensure that the latest
changes are available. Specify a certificate for the client application to use.
If generic profiling checking was enabled for the DIGTCERT class when the
certificate was created or added and its issuer's distinguished name contains any generic characters
(*, & and %), a generic certificate profile was created. This generic profile processing may
cause the certificate not to be read from the key ring. This certificate will need to be removed and
added back after turning off generic profile checking for DIGTCERT class. The SEARCH CLASS(DIGTCERT)
command can be used to determine if the certificate’s profile is generic. A (G) indicates
generic.