I have a keyring and certificates which work fine from AT-TLS etc. If I try to use it with z/OSMF I get messages from Java.
[ERROR ] CWPKI0033E: The keystore located at safkeyringjcehybrid:///CCPKeyring.IZUDFLT did not load because of the following error: Errors encountered loading
keyring. Keyring could not be loaded as a JCECCARACFKS or JCERACFKS keystore.
What traces can I use to find out? I'm happy collecting RACF traces, and GSK Traces, but I didnt capture any information.
Is there a Java trace I can use?
It looks like only RSA certificates are supported.
If I use
RACDCERT ID(COLIN) GENCERT -
SUBJECTSDN(CN('10.1.1.2') -
O('NISTEC224') -
OU('SSS')) -
ALTNAME(IP(10.1.1.2))-
NISTECC -
SIZE(224 ) -
SIGNWITH (CERTAUTH LABEL('DOCZOSCA')) -
WITHLABEL('NISTEC224')
Java fails .. If I use a certificate with RSA instead of NISTECC it works.
------------------------------
Colin Paice
Retired
Stromness
------------------------------