FTP client gets the following - FC0984 authServer: secure_socket_init failed with rc = 428 (Key entry does not contain a private key). Keyring and certificates look ok.
Check the KEYRING record DEFAULT. An address space acting as a client does not need a DEFAULT specified in the KEYRING record. Unless FTP is doing client verification, the client site should not be sending its personal cert (the DEFAULT) to the server. If there is a value set for the DEFAULT it will be sent to the server regardless of whether client validation has been requested. If that certificate does not have a private key, the FC0984 authServer: secure_socket_init failed with rc = 428 will be generated. Set the DEFAULT to null, ie, DEFAULT().