z/OS Security Server RACF Messages and Codes
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


IRRD171I

z/OS Security Server RACF Messages and Codes
SA23-2291-00

IRRD171I
Certificate has a key type not supported by Cryptoz. Bind not allowed.

Explanation

You are attempting to bind a certificate to a z/OS® PKCS #11 token. The certificate is found in RACF®. However, the certificate has the following key type that is not supported by z/OS PKCS #11, and therefore the certificate cannot be bound:
  • The key algorithm of the certificate is RSA or ECC, but the associated private key is already stored in ICSF.
As a result, the certificate cannot be bound.

System action

The command fails.

User response

Use another certificate for the bind and reissue the command. If you must re-create the certificate, do not use the options to store the key in PKDS (public key data set) or the TKDS (token key data set) when generating the certificate.

Parent topic: RACDCERT command messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014