Hi Jack,
Can you please check if the below objects still exists in the IFS with appropriate authorities? QSYS should be the owner.
Object . . . . . . . . . . . . : /qibm/userdata/icss
Data --Object Authorities--
User Authority Exist Mgt Alter Ref
*PUBLIC *RX
QSYS *RWX X X X X
Object . . . . . . . . . . . . : /qibm/userdata/icss/cert
Data --Object Authorities--
User Authority Exist Mgt Alter Ref
*PUBLIC *RX
QSYS *RWX X X X X
QLWISVR *RX
QTMHHTTP *RX
Object . . . . . . . . . . . . : /qibm/userdata/icss/cert/server
Data --Object Authorities--
User Authority Exist Mgt Alter Ref
*PUBLIC *EXCLUDE
QSYS *RWX X X X X
QLWISVR *RX X X X X
QTMHHTTP *RX
QWSERVICE *RX
Object . . . . . . . . . . . . : /qibm/userdata/icss/cert/server/default.kdb
Data --Object Authorities--
User Authority Exist Mgt Alter Ref
*PUBLIC *EXCLUDE
QSYS *RW X X X X
QLWISVR *RWX X X X X
QTMHHTTP *RWX X X X X
QWSERVICE *RWX X X X X
------------------------------
Rohit Chauhan
Senior Technical Specialist
Norway
------------------------------
Original Message:
Sent: Thu October 17, 2024 11:27 AM
From: Jack Woehr
Subject: DCM Error 4000
I've been pretty fluent in DCM over the years but I've hit an error I've never seen before.
Scenario:
- IBM i 7.2 recently upgraded from 6.1 (they're on their way to 7.4 but for now ...)
- Renewed Local CA cert (self-signed) succesfully
- Attempt to create a Server cert signed by Local CA
- "Error 4000" with recommendations to check WRKPRB and Admin log
- Nothing anywhere, no hint what went wrong.
I'm guessing that in migration some part of GSK somehow got hosed, or the parts of cert management in the OFS, but .. Any tips?
Thanks
------------------------------
Jack Woehr
Senior Consultant
Seiden Group LLC
Beulah CO
3038478442
------------------------------