IBM Support

PM34853: MESSAGE DFHAM4928 HAS INCORRECT REASON MESSAGE.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • You get error message DFHAM4928E Install of URIMAP failed
    because the specified certificate is not owned by this CICS.
    The real reason this message is being issued is because you are
    missing the private key for the certificate.
    
    Additional Keywords:
    KIXREVxxx
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: ALL CICS Users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: DFHAM4928 gives a misleading            *
    *                      description of the error if the         *
    *                      certificate does not have a private     *
    *                      key.                                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When a URIMAP is installed using SSL with client authentication
    but the certificate specified does not have a private key,
    msgDFHAM4928 gives wrong description of the error indicating
    that the certificate is not owned by CICS.
    

Problem conclusion

  • DFHMEAME and MFHMEAME have been changed to give the correct
    message for a URIMAP installed using a certificate without a
    private key.
    
    The CICS Transaction Server for z/OS Messages and Codes Version
    3 Release 2 GC34-6827-03 has been altered to change the
    explanatory insert 'not owned by this CICS' to 'does not
    have a private key' in message DFHAM4928E as follows:
    
    DFHAM4928E applid Install of {TCPIPSERVICE
    |CORBASERVER | IPCONN | URIMAP}
    resourcename failed because the
    specified certificate {is expired | is not yet
    current | does not have a private key | is not
    trusted}.
    
    Explanation: Resource resourcename cannot be
    installed because the specified certificate is unusable.
    An explanatory phrase in the message describes why
    is expired
    The date and time at which the certificate is no
    longer valid has already passed.
    is not yet current
    The date and time at which the certificate is to
    become active has not yet been reached.
    does not have a private key
    The specified certificate does not have a private key.
    SSL with client authentication is only possible if you possess
    the private key associated with the certificate.
    is not trusted
    The certificate has been given the NOTRUST
    attribute by the security administrator. This
    indicates that the certificate is not to be used.
    System action: The resource is not installed.
    User response: Replace the certificate in the keyring
    with one that is usable, or specify a different certificate.
    Module: DFHAMP
    XMEOUT Parameters: applid, {7=TCPIPSERVICE,
    8=CORBASERVER, 9=IPCONN,10=URIMAP},
    resourcename, {1=is expired, 2=is not yet current, 3=does not
    have a private key, 4=is not trusted}
    Destination: Console and Terminal End User
    

Temporary fix

  • FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PM34853

  • Reported component name

    CICSTS V3 Z/OS

  • Reported component ID

    5655M1500

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-03-15

  • Closed date

    2011-05-17

  • Last modified date

    2011-06-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PM35536 UK67846

Modules/Macros

  •    DFHMEAMC DFHMEAME DFHMEAMK DFH34853
    

Publications Referenced
GC34682703    

Fix information

  • Fixed component name

    CICSTS V3 Z/OS

  • Fixed component ID

    5655M1500

Applicable component levels

  • R500 PSY UK67846

       UP11/05/21 P F105

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
01 June 2011