Troubleshooting
Problem
When using zSecure Server (CKNSERVE) with AT-TLS protection, the connections between zSecure Servers fails after the personal digitial certificates are renewed or recreated. (This technote is actually relevant to any AT-TLS environment using ClientAuthType SAFCheck)
Symptom
ICH408I USER(CKRTASK ) GROUP(CKRUSERS) NAME(ZSECURE STC USER )
DIGITAL CERTIFICATE IS NOT DEFINED. CERTIFICATE SERIAL NUMBER(02) SU
BJECT(CN=CKNSAMP1.OU=ZSECURE.O=IBM.C=US) ISSUER(CN=CKNCA.OU=ZSECURE.O
=IBM.C=US).
EZD1287I TTLS Error RC: 5002 Initial Handshake
LOCAL: ::FFFF:9.42.46.43..7173
REMOTE: ::FFFF:9.42.46.44..9023
JOBNAME: CKNSERVE RULE: CKN_SERVER_1
USERID: CKRTASK GRPID: 00000002 ENVID: 00000003 CONNID: 00002DB2
DIGITAL CERTIFICATE IS NOT DEFINED. CERTIFICATE SERIAL NUMBER(02) SU
BJECT(CN=CKNSAMP1.OU=ZSECURE.O=IBM.C=US) ISSUER(CN=CKNCA.OU=ZSECURE.O
=IBM.C=US).
EZD1287I TTLS Error RC: 5002 Initial Handshake
LOCAL: ::FFFF:9.42.46.43..7173
REMOTE: ::FFFF:9.42.46.44..9023
JOBNAME: CKNSERVE RULE: CKN_SERVER_1
USERID: CKRTASK GRPID: 00000002 ENVID: 00000003 CONNID: 00002DB2
[{"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"zSecure Admin","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Historical Number
85924;015;866
Was this topic helpful?
Document Information
Modified date:
19 June 2026
UID
swg21675837