I am setting up a FTPD Server certificate for secure FTP connection between 2 mainframes and I am getting 'Unable to get default key label' error, what causes this?

Document ID : KB000039437
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:  

I am setting up a FTPD Server certificate for secure FTP connection between 2 mainframes
and I am getting 'ERROR edit_ciphers(): Unable to get default key label: Error 0x0335300e',
what causes this?

 

Answer: 

If the Server Personal certificate does not have the TRUST status the certificate

will not be returned when the server intializes and issue R_datalib calls to

retrieve all of the certificates CONNECTed to the Keyring. If the Server certificate

is not returned the 'Unable to get default key label' error can occur.

 

To check if a certificate has the TRUST attribute the TSO, ACF, CHKCERT command

can be used to display  certificate information including the TRUST|NOTRUST

status.

 

The CHKCERT subcommand can be issued in any mode of the ACF command. It has the following syntax:

 

CHKcert {logonid Label(label) |logonid.suffix | DSname(data-set-name)}

 

Additional Information:

 

Details on the CHKCERT command can be found in the CA ACF2 for z/OS Administration Guide,

Chapter 26: Digital Certificate Support, section 'Processing Digital Certifications with CA ACF2'.