IBM Support

DFHAM4928 certificate does not have a private key when installing URIMAP

Question & Answer


Question

Why would I receive message DFHAM4928E when trying to install a URIMAP definition with CEDA in CICS Transaction Server for z/OS? The URIMAP is specifying a SITE certificate because it will be used for an https connection where CICS is a client. The install fails indicating that the specified certificate does not have a private key. However, I believe the certificate does have a private key and is valid.

CEDA messages seen are:

  S Install of URIMAP (mapname) failed because CERTIFICATE (certname) is invalid. 
  S Install of URIMAP (mapname) failed because the specified certificate does not have a private key. 

Message seen in MSGUSR:

 DFHAM4928 E  Install of URIMAP (mapname) failed because the specified certificate 
 does not have a private key. 

Answer

SITE certificates are owned by SITE, not by the CICS region userid. The only way the region userid can access the private key information is therefore to give it CONTROL access to the resource IRR.DIGTCERT.GENCERT within the FACILITY class of your security product.
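
The permission described above, written as RACF TSO commands. This is an added example, not part of the original IBM document. It assumes the security product is RACF; the region userid `CICSRGN` and the certificate label `SITE-CERT-LABEL` are placeholders to replace with your own values.

```tso
/* Added example. Assumes RACF. CICSRGN and SITE-CERT-LABEL are     */
/* placeholders, not values from the IBM document.                  */

/* 1. Confirm the SITE certificate exists and check whether a       */
/*    private key is recorded for it.                               */
RACDCERT SITE LIST(LABEL('SITE-CERT-LABEL'))

/* 2. Show the profile and its current access list. If RACF reports */
/*    that no discrete profile exists, define one first with        */
/*    RDEFINE FACILITY IRR.DIGTCERT.GENCERT UACC(NONE)              */
RLIST FACILITY IRR.DIGTCERT.GENCERT AUTHUSER

/* 3. Give the CICS region userid CONTROL access to the resource.   */
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(CICSRGN) ACCESS(CONTROL)

/* 4. Refresh the in-storage profiles so the change takes effect    */
/*    (needed when the FACILITY class is RACLISTed).                */
SETROPTS RACLIST(FACILITY) REFRESH

/* 5. Verify that CICSRGN now appears with CONTROL access, then     */
/*    retry the CEDA install of the URIMAP.                         */
RLIST FACILITY IRR.DIGTCERT.GENCERT AUTHUSER
```

Permit the individual region userid rather than a broad group, so that access to SITE certificate private keys stays limited to the regions that need it.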


Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
11 December 2014

UID

dwa1167511