Question & Answer
Question
The following messages are issued:
EZZ8432I PAGENT INITIALIZATION COMPLETE
EZZ8438I PAGENT POLICY DEFINITIONS CONTAIN ERRORS FOR image_name : IPSEC
Answer
The explanation can be determined by examining the PAGENT log file.
When starting the Policy Agent (PAGENT) as a started task, the output messages are written to the PAGENT log file, which can be specified by the PAGENT_LOG_FILE environment variable and defaults to /tmp/pagent.log.
If the PAGENT log shows the following messages, those messages indicate indicate that 3DES and AES_CBC encryption are not being supported:
OBJERR :005: process_IPSec_enum_att: HowToEncrypt 3Des not allowed on IpDataOffer because 3DES not enabled for image 'image_name'
OBJERR :005: process_IPSec_enum_att: HowToEncrypt AES_CBC not allowed on IpDataOffer because AES not enabled for image 'image_name'
The two IpDataOffer statements in the IPSEC policy file specify:
HowToEncrypt 3DES
HowToEncrypt AES_CBC
You need to install System SSL Security Level 3 (FMID JCPT3D1) on your system. System Security Level 3 supports 3DES and AES_CBC.
JCPT3D1 is a free and orderable feature.
For more information, see the manual z/OS Cryptographic Services System SSL Programming (SC24-5901-10)
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
11 January 2016
UID
dwa1186349