EZD1326I Request type NSS_CreateSignatureReqToSrv with correlator ID failed - return code EINVAL reason code NSSRsnNoMatchingCert?

Question & Answer

Question

The error is issued by NSSD in response to a create signature request from the zOS IKE daemon while negotiating a Phase 1 SA. Part of the create signature processing requires access to the IKE personal certificate on the NSS KeyRing used by the IKE daemon. During the IKE ISAKMP flows the remote IKE peer sent one or more certificate request payloads. The certificate request payloads sent from the peer are requests that the local IKE send a certificate that has been signed by one or more of the CAs sent in the cert req payload(s). If the cert req payload(s) specify CAs that were not in the signing chain of the IKE personal certificate the NSSRsnNoMatchingCert error occurs.

to correct the issue, the remote IKE needs to be configured to insure that the correct CAs are being sent in it's certificate request payload(s) to zOS

Answer

to correct the issue, the remote IKE needs to be configured to insure that the correct CAs are being sent in it's certificate request payload(s) to zOS

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Tips

EZD1326I Request type NSS_CreateSignatureReqToSrv with correlator ID failed - return code EINVAL reason code NSSRsnNoMatchingCert?

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?