Question & Answer
Question
Why would I receive message DFHAM4928E when trying to install a URIMAP definition with CEDA in CICS Transaction Server for z/OS? The URIMAP is specifying a SITE certificate because it will be used for an https connection where CICS is a client. The install fails indicating that the specified certificate does not have a private key. However, I believe the certificate does have a private key and is valid.
CEDA message seen are;
S Install of URIMAP (mapname) failed because CERTIFICATE (certname) is invalid.
S Install of URIMAP (mapname) failed because the specified certificate does not have a private key.
Message seen in MSGUSR:
DFHAM4928 E Install of URIMAP (mapname) failed because the specified certificate
does not have a private key.
Answer
SITE certificates are owned by SITE and not by the CICS region userid. Thus, the only way the region userid can access the Private key information is by allowing it CONTROL access to resource IRR.DIGTCERT.GENCERT within the FACILITY class of your security product.
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
11 December 2014
UID
dwa1167511