KB Article #72405
TSS Key-Ring Mutual Authentication
-- Issue: SSL certificates stored in CA-TSS and accessed via a Key-Ring are not working.
Resolution
This solution has been developed, tested and validated in a RACF environment using CFT Version 2.6.4 SP3 P6.
CFT Version 2.6.4 will need to be patched. Please log on to the Axway Customer Support Website and download Transfer_CFT_2.6.4-SP3_Patch6_mvs_BN1.z and the associated readme file. Apply the patch following the instructions in the readme file.
After applying the maintenance to CFT, configure CFT with the following SSL profiles:
CFTSSL MODE     = replace ,
       ID       = SSL1 ,
       DIRECT   = CLIENT,
       CIPHLIST = (9,47,10,53,60,61) ,
       VERSION  = TLSV1 ,
       ROOTCID  = ('Label of root cid - mix case'),
       VERIFY   = none ,
       USERCID  = 'Label of user certificate',
       PARM     = 'OWNER=XXXXXX,RING=XXXXXXXXXXXXXXXXXX',
       TRACE    = 255

CFTSSL MODE     = replace ,
       ID       = SSL1 ,
       DIRECT   = SERVER,
       CIPHLIST = (9,47,10,53,60,61) ,
       VERSION  = TLSV1 ,
       ROOTCID  = ('Label of root cid - mix case'),
       VERIFY   = REQUIRED ,
       USERCID  = 'Label of user cid - mix case',
       PARM     = 'OWNER=SOP745,RING=RINGTP2XGCFTTSA17',
       TRACE    = 255
If it still does not work, collect traces from both sides of the transfer. Use SGTRACE 128 and SSL TRACE 255 (client AND server), and provide a fresh CFT Extract taken at the time of the trace capture.
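
The following is an added example, not part of the original article and not Axway code: a small Python check that parses CFTSSL profiles like the two above and reports what a reviewer would look at before leaving them in service. It assumes the CIPHLIST numbers are IANA TLS cipher-suite code points in decimal and that VERIFY = REQUIRED on the SERVER profile is what enforces the client certificate; the sample text is a condensed, constructed copy of the profiles.

```python
import re

# Assumption: CIPHLIST numbers are IANA TLS cipher-suite code points in decimal.
# Value: (name, defined only for TLS 1.2, uses DES or 3DES)
SUITES = {
    9:  ("TLS_RSA_WITH_DES_CBC_SHA", False, True),
    10: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", False, True),
    47: ("TLS_RSA_WITH_AES_128_CBC_SHA", False, False),
    53: ("TLS_RSA_WITH_AES_256_CBC_SHA", False, False),
    60: ("TLS_RSA_WITH_AES_128_CBC_SHA256", True, False),
    61: ("TLS_RSA_WITH_AES_256_CBC_SHA256", True, False),
}

# Constructed sample: the article's two profiles, condensed to the audited keys.
SAMPLE = """
CFTSSL ID = SSL1, DIRECT = CLIENT, CIPHLIST = (9,47,10,53,60,61),
       VERSION = TLSV1, VERIFY = none, TRACE = 255
CFTSSL ID = SSL1, DIRECT = SERVER, CIPHLIST = (9,47,10,53,60,61),
       VERSION = TLSV1, VERIFY = REQUIRED, TRACE = 255
"""

def parse_profiles(text):
    """Split CFTSSL commands into dicts of upper-cased keyword -> raw value."""
    profiles = []
    for body in re.split(r"(?i)\bCFTSSL\b", text)[1:]:
        pairs = re.findall(r"(\w+)\s*=\s*(\([^)]*\)|'[^']*'|[^,\s]+)", body)
        profiles.append({k.upper(): v for k, v in pairs})
    return profiles

def audit(profile):
    """Return a list of findings for one parsed profile."""
    findings = []
    version = profile.get("VERSION", "").upper()
    for code in map(int, re.findall(r"\d+", profile.get("CIPHLIST", ""))):
        name, tls12_only, weak = SUITES.get(code, ("unknown", False, False))
        if weak:
            findings.append(f"cipher {code} ({name}) uses DES/3DES")
        if tls12_only and version == "TLSV1":
            findings.append(f"cipher {code} ({name}) needs TLS 1.2, VERSION is TLSV1")
    server = profile.get("DIRECT", "").upper() == "SERVER"
    if server and profile.get("VERIFY", "").upper() != "REQUIRED":
        findings.append("server profile does not require a client certificate")
    if profile.get("TRACE") == "255":
        findings.append("TRACE = 255 (full SSL trace) is enabled")
    return findings

if __name__ == "__main__":
    for p in parse_profiles(SAMPLE):
        print(p["DIRECT"], audit(p))
```
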