Why are we getting error EZD1037I when activating an IPSec tunnel?

Question & Answer

Question

When activating an IPSec tunnel we get the following message:

EZD1037I The IKE daemon has no matching certificate entry for the specified LocalSecurityEndpoint identity ( id_string ) and certificate authority ( X.500_string )

Answer

IKED reported this error occurred while searching for a certificate that matched the LocalSecurityEndpoint ID and was signed by the CA that was requested by the remote security endpoint.

Verify that the Local Security Endpoint Identity is correct. If it is correct, obtain a certificate with the expected ID of the local IKE server. When the certificate is obtained, add it to the IKE key ring with RACDCERT.

When configured without the IBM Configuration Assistant for z/OS Communications Server, the Local Security Endpoint is set on the LocalSecurityEndpoint statement. See the information about the Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about the LocalSecurityEndpoint statement.

When configured with the IBM Configuration Assistant for z/OS Communications Server, edit the corresponding Connectivity Rule in the GUI and verify that the Local Security Endpoint Identify is correct. See the online helps in the GUI for additional information.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
29 December 2015

UID

dwa1245907

Tips