KB Article #72405

TSS Key-Ring Mutual Authentication

Problem

-- SSL certificates stored in CA-TSS and accessed via a Key-Ring are not working.


Resolution

This solution has been developed, tested and validated in a RACF environment using CFT Version 2.6.4 SP3 P6.



CFT Version 2.6.4 will need to be patched. Please log onto the Axway Customer Support Website and download Transfer_CFT_2.6.4-SP3_Patch6_mvs_BN1.z and the associated readme file. Apply the patch following the instructions in the readme file.



After applying the maintenance to CFT, please configure CFT with the following SSL profiles:
CFTSSL     MODE     = replace ,
           ID       = SSL1    ,
           DIRECT   = CLIENT,
           CIPHLIST = (9,47,10,53,60,61) ,
           VERSION  = TLSV1 ,
           ROOTCID  = ('Label of root cid - mix case'),
           VERIFY   = none ,
           USERCID  = 'Label of user certificate',
           PARM     = 'OWNER=XXXXXX,RING=XXXXXXXXXXXXXXXXXX',
           TRACE    = 255

CFTSSL     MODE     = replace ,
           ID       = SSL1    ,
           DIRECT   = SERVER,
           CIPHLIST = (9,47,10,53,60,61) ,
           VERSION  = TLSV1 ,
           ROOTCID  = ('Label of root cid - mix case'),
           VERIFY   = REQUIRED ,
           USERCID  = 'Label of user cid - mix case',
           PARM     = 'OWNER=SOP745,RING=RINGTP2XGCFTTSA17',
           TRACE    = 255



If it still doesn't work, please collect traces from both sides of the transfer. Use SGTRACE 128 and the SSL TRACE 255 (client AND server), and also provide a fresh CFT Extract taken at the time of the trace capture.
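
A pre-flight check for the two CFTSSL profiles, worth running before collecting traces: it parses the commands and reports template text or key-ring parameters that were never filled in. This is an added example, not part of the original article or of Axway's tooling; the function names are hypothetical, the server certificate labels are constructed, and it assumes that VERIFY = REQUIRED on the SERVER profile is what demands the client certificate, as in the article's server profile.

```python
import re

# Constructed input: client profile left as the article's template; server profile
# uses the article's PARM with made-up labels and VERIFY deliberately set to none.
SAMPLE = """
CFTSSL MODE = replace, ID = SSL1, DIRECT = CLIENT,
       ROOTCID = ('Label of root cid - mix case'), VERIFY = none,
       USERCID = 'Label of user certificate',
       PARM = 'OWNER=XXXXXX,RING=XXXXXXXXXXXXXXXXXX'
CFTSSL MODE = replace, ID = SSL1, DIRECT = SERVER,
       ROOTCID = ('Example Root CA'), VERIFY = none,
       USERCID = 'Example Server Cert',
       PARM = 'OWNER=SOP745,RING=RINGTP2XGCFTTSA17'
"""

# keyword = (list) | 'quoted string' | bare word
FIELD = re.compile(r"(\w+)\s*=\s*(\([^)]*\)|'[^']*'|[^,\s]+)")

def parse_cftssl(text):
    """Return one dict per CFTSSL command: keyword -> value without quotes/parens."""
    profiles = []
    for block in re.split(r"(?m)^\s*CFTSSL\b", text)[1:]:
        profiles.append({m.group(1).upper(): m.group(2).strip("()' ")
                         for m in FIELD.finditer(block)})
    return profiles

def check_profile(p):
    """List what would stop key-ring mutual authentication for one profile."""
    findings = []
    parm = dict(kv.split("=", 1) for kv in p.get("PARM", "").split(",") if "=" in kv)
    for key in ("OWNER", "RING"):
        value = parm.get(key, "").strip()
        if not value or set(value) == {"X"}:
            findings.append(f"PARM {key} missing or still a placeholder")
    for key in ("ROOTCID", "USERCID"):
        if not p.get(key) or p[key].lower().startswith("label of"):
            findings.append(f"{key} missing or still template text")
    if p.get("DIRECT", "").upper() == "SERVER" and p.get("VERIFY", "").upper() != "REQUIRED":
        findings.append("VERIFY is not REQUIRED, so the client certificate is not requested")
    return findings

def check_all(text):
    """Map each profile's DIRECT value to its list of findings."""
    return {p.get("DIRECT", "?").upper(): check_profile(p) for p in parse_cftssl(text)}

if __name__ == "__main__":
    for direct, findings in check_all(SAMPLE).items():
        print(direct, findings or "ok")
```

The label comparison only detects leftover template text; whether a label matches the certificate in the key ring, including its case, still has to be checked against the security product's own listing.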