INET0143E SSL SERVER srvname REMOTE PEER CERTIFICATE ERROR - reason

Where

srvname

The SSL server.

reason

One of the following:

UNABLE_TO_GET_CRL

The certificate revocation list (CRL) was not found.

UNABLE TO GET ISSUER CERTIFICATE

Unable to find the certificate for one of the certificate authorities (CAs) in the signing hierarchy, and that CA is not trusted by the local application.

UNABLE TO DECRYPT CERT SIGNATURE

Unable to decrypt the signature of the certificate.

UNABLE TO DECRYPT CRL SIGNATURE

The CRL signature could not be decrypted. (The actual signature value could not be determined.)

UNABLE TO DECODE ISSUER PUBLIC KEY

The public key in the certificate could not be read.

CERT SIGNATURE FAILURE

The signature of the certificate is not valid.

CRL SIGNATURE FAILURE

The CRL signature of the certificate is not valid.

CERT NOT YET VALID

The certificate is not valid until a future date.

CERT HAS EXPIRED

The certificate has expired.

ERROR IN CERT NOT BEFORE FIELD

There is a format error in the notBefore field in the certificate.

ERROR IN CERT NOT AFTER FIELD

There is a format error in the notAfter field in the certificate.

ERROR IN CRL LAST UPDATE FIELD

The CRL lastUpdate field contains an invalid time.

ERROR IN CRL NEXT UPDATE FIELD

The CRL nextUpdate field contains an invalid time.

OUT OF MEM

An error occurred while allocating memory.

DEPTH ZERO SELF SIGNED CERT

The passed certificate is self-signed and the same certificate cannot be found in the list of trusted certificates.

SELF SIGNED CERT IN CHAIN

A self-signed certificate exists in the certificate chain. The certificate chain can be built using the untrusted certificates, but the root CA was not found locally.

UNABLE TO GET ISSUER CERT LOCALLY

The issuer certificate of a locally found certificate was not found. This usually means that the list of trusted certificates is not complete.

UNABLE TO VERIFY LEAF SIGNATURE

No signatures were verified because the certificate chain contains only one certificate, which is not self-signed, and the issuer is not trusted.

CERT CHAIN TOO LONG

The certificate chain length is greater than the supplied maximum depth.

CERT REVOKED

The certificate was revoked by the issuer.

INVALID CA

A CA certificate is not valid because it is not a CA or its extensions are not consistent with the intended purpose.

PATH LENGTH EXCEEDED

The basicConstraints pathlength parameter was exceeded.

INVALID PURPOSE

The certificate that was provided cannot be used for its intended purpose.

CERT UNTRUSTED

The root CA is not marked as trusted for its intended purpose.

CERT REJECTED

The root CA is marked to reject the purpose specified.

SUBJECT ISSUER MISMATCH

The issuer certificate was rejected because its subject name did not match the issuer name of the current certificate.

AKID SKID MISMATCH

The issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier of the current certificate.

AKID ISSUER SERIAL MISMATCH

The issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate.

KEYUSAGE NO CERTSIGN

The issuer certificate was rejected because its keyUsage extension does not permit certificate signing.

UNKNOWN CERTIFICATE ERROR

The reason for the certificate error is unknown.

Last updated

Added for PUT10.

Explanation

The z/TPF Internet Daemon (InetD) SSL connection manager program (CLTC) received a connection request from a remote SSL client, but the SSL handshake did not complete. The SSL connection manager tried to validate the remote peer certificate, but SSL_get_verify_result returned an error. See the previous reason details for specifics.