Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IRRD186I z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
IRRD186I A Diffie-Hellman certificate can not be used to sign other
certificates. ExplanationAn Elliptic Curve Cryptography (ECC) certificate with only the keyAgreement keyusage set (or together with encipherOnly or decipherOnly) is an ECC Diffie-Hellman certificate. The intended usage is for key exchange, not for signing. Any RACDCERT commands that involve signing with this type of certificate fails. For example, GENREQ or REKEY on an ECC Diffie-Hellman certificate or GENCERT a self-signed or GENCERT SIGNWITH an ECC Diffie-Hellman certificate. System actionRACDCERT does not process the request. User responseReissue the command using a certificate that is not an ECC Diffie-Hellman certificate, or reissue the command specifying other KeyUsage bits in addition to KEYAGREE. |
Copyright IBM Corporation 1990, 2014
|