Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IRRD207I z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
IRRD207I Incorrect KeyUsage specified. ExplanationEither you attempted to request a PKI Services digital certificate using the R_PKIServ callable service GENCERT or REQCERT functions or you attempted to modify an existing certificate request using the R_PKIServ callable service MODIFYREQS function but provided an incorrect combination of KeyUsage values. For RSA key types, if you specify the KeyUsage through keywords or PKI Services web page dialogs, the KeyUsages CERTSIGN, KEYCERTSIGN, or CRLSIGN cannot be specified in combination with either HANDSHAKE, KEYENCIPHERMENT, KEYENCIPH, KEYENCRYPT, DATAENCIPHERMENT, DATAENCIPH, or DATAENCRYPT. If you specify the KeyUsage through KeyUsage flags in a PKCS #10 certificate request, KEYCERTSIGN or CRLSIGN cannot be specified in combination with either KEYENCIPHERMENT or DATAENCIPHERMENT. For ECC key types, if you specify the KeyUsage through keywords or PKI Services web page dialogs, the KeyUsages KEYENCIPHERMENT, KEYENCIPH, KEYENCRYPT, DATAENCIPHERMENT, DATAENCIPH, or DATAENCRYPT cannot be specified. The KeyUsages CERTSIGN, KEYCERTSIGN, or CRLSIGN cannot be specified in combination with KEYAGREE. If you specify the KeyUsage through KeyUsage flags in a PKCS #10 certificate request, KEYCERTSIGN or CRLSIGN cannot be specified in combination with KEYAGREEMENT. System actionR_PKIServ processing ends. RACF® prevents the request from completing. User responseSelect a different KeyUsage, generate a new PKCS #10 certificate, if applicable, or contact your system programmer or web page administrator. Application Programmer ResponseModify the application invoking the R_PKIServ callable service to provide different KeyUsage values. Web Page Administrator ResponseIf R_PKIServ is being invoked from the PKI Services CGIs, modify the certificate template definition in the pkiserv.tmpl file to provide different KeyUsage values in the <CONSTANT> section in the PKI templates. |
Copyright IBM Corporation 1990, 2014
|