z/OS Security Server RACF Messages and Codes


SA23-2291-00

IRRD186I
A Diffie-Hellman certificate can not be used to sign other certificates.

Explanation

An Elliptic Curve Cryptography (ECC) certificate with only the keyAgreement key usage set (alone, or together with encipherOnly or decipherOnly) is an ECC Diffie-Hellman certificate. Its intended usage is key exchange, not signing. Any RACDCERT command that involves signing with this type of certificate fails. Examples are GENREQ or REKEY on an ECC Diffie-Hellman certificate, GENCERT to create a self-signed ECC Diffie-Hellman certificate, and GENCERT with SIGNWITH specifying an ECC Diffie-Hellman certificate.

System action

RACDCERT does not process the request.

User response

Reissue the command using a certificate that is not an ECC Diffie-Hellman certificate, or reissue the command specifying other KeyUsage bits in addition to KEYAGREE.
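
The rule in the Explanation can be checked against a certificate's keyUsage extension before a signing command is issued. The following Python is an added example, not part of the IBM documentation or of RACF: it decodes the DER-encoded keyUsage BIT STRING (bit order per RFC 5280) and applies the rule stated above. The function names and sample bytes are constructed for illustration, and the caller is assumed to know from the certificate's public key whether the key is ECC.

```python
# Added illustration (not IBM code): classify a certificate's keyUsage
# according to the IRRD186I explanation. All names here are hypothetical.

KEY_USAGE_BITS = (  # RFC 5280 section 4.2.1.3, named bit 0 first
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)
# Usages that, on their own, make an ECC certificate a Diffie-Hellman one.
DH_ONLY = {"keyAgreement", "encipherOnly", "decipherOnly"}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING holding an X.509 keyUsage value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, content = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(content) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Named bit 0 is the most significant bit of the first content byte.
        if content[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def is_ecc_dh_certificate(key_is_ecc: bool, usages: set) -> bool:
    """True when signing with this certificate would be refused (IRRD186I)."""
    return key_is_ecc and "keyAgreement" in usages and usages <= DH_ONLY


if __name__ == "__main__":
    # Constructed sample keyUsage encodings, not taken from real certificates.
    samples = {
        "keyAgreement only": "03020308",
        "keyAgreement + decipherOnly": "0303070880",
        "digitalSignature + keyAgreement": "03020388",
    }
    for label, hexval in samples.items():
        usages = decode_key_usage(bytes.fromhex(hexval))
        print(label, sorted(usages), is_ecc_dh_certificate(True, usages))
```
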





Copyright IBM Corporation 1990, 2014