KB Article #72439

Using self-signed certificates - how to use a self-signed certificate with CFT

Problem

Problem with a self-signed certificate:

11/09/12 16:41:47  CFTY02Z >> CTX=200006 Client certificate not found (LOCAL CAID=NULLCERT, CERTID=NULL)
11/09/12 16:41:47  CFTY02Z >> CTX=200006 cftpki() _ PKII PHASE=GETCERT  CR=0 REASON=48
11/09/12 16:41:47  CFTY02Z >> CTX=200006 UNKNOWN CA : DN=/C=fr/ST=idf/L=ptx/O=AXWAY/OU=SUP/CN=SUPPORT,/C=fr/ST=idf/O=Axway, ROOTCID=GAQSIG05,R2D2CA, USERCID=GA
11/09/12 16:41:47  CFTY23I CTX=200006 Client certificate ID=NULL ROOTID=NULLCERT
11/09/12 16:41:47  CFTY02Z >> CTX=200006 SSLact() _ state: BUILD
11/09/12 16:41:47  CFTY02Z >> CTX=200006 SSLact() _ SENDING 12 HANDSHAKE DATA
11/09/12 16:41:47  CFTY02Z >> CTX=200006 16030100 070B0000 03000000  >............<

Mutual (double) authentication works in a local loopback test.

The format of the certificate used is PKCS12.

Resolution

1) A self-signed certificate must be defined in the CFTSSL object so that USERCID = ROOTCID: the certificate is its own trust anchor, so the root ID and the user ID refer to the same PKI entry.

2) Load the user certificate only once, as in the PKICER example below.

PKIUTIL pkicer
    id       = 'GAQSIG05',
    comment  = 'GAQSIG05 self-signed certificate',
    pkifname = /data/pkcftq05/cft/pki/pkibase,   /* the PKI database */
    pkipassw = 'CFT1',                            /* PKI database password */
    iname    = gateway.pfx,                       /* source file (PKCS12 container) */
    iform    = 'PKCS12',                          /* source format */
    ikform   = DER,                               /* key format (embedded in the PKCS12) */
    ikpassw  = '123456',                          /* key password */
    itype    = 'USER',                            /* certificate type */
    state    = 'ACT',                             /* status */
    check    = 'NO',                              /* do not check for the root cid */
    mode     = 'CREATE'
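The following Python script is an added example, not part of the KB article or of Transfer CFT. It parses "UNKNOWN CA" lines in the log format shown above, compares the USERCID against the ROOTCID list, and states which CFTSSL change the article prescribes; the sample log is constructed, and the DN field is assumed to hold the peer certificate's subject DN followed by its issuer DN.

```python
import re
from dataclasses import dataclass

# Constructed sample in the CFT log format from the article (not a real capture).
# Subject and issuer DN are identical here, i.e. the peer certificate is self-signed,
# but the trusted ROOTCID list does not contain the USERCID.
SAMPLE_LOG = """\
11/09/12 16:41:47  CFTY02Z >> CTX=200006 Client certificate not found (LOCAL CAID=NULLCERT, CERTID=NULL)
11/09/12 16:41:47  CFTY02Z >> CTX=200006 UNKNOWN CA : DN=/C=fr/O=Axway/CN=SUPPORT,/C=fr/O=Axway/CN=SUPPORT, ROOTCID=R2D2CA,OTHERCA, USERCID=GAQSIG05
11/09/12 16:41:47  CFTY23I CTX=200006 Client certificate ID=NULL ROOTID=NULLCERT
"""

# ROOTCID is a comma-separated list with no spaces; the DN field itself contains a comma,
# so it is matched lazily up to the ", ROOTCID=" separator.
UNKNOWN_CA = re.compile(
    r"CTX=(?P<ctx>\d+) UNKNOWN CA : DN=(?P<dn>.*?), ROOTCID=(?P<root>\S+), USERCID=(?P<user>\S+)"
)


@dataclass
class CertContext:
    ctx: str
    subject_dn: str
    issuer_dn: str
    rootcids: list
    usercid: str

    @property
    def self_signed(self) -> bool:
        # A certificate whose issuer equals its subject is self-signed (assumption: DN=subject,issuer).
        return self.subject_dn == self.issuer_dn


def parse_unknown_ca(log_text: str) -> list:
    """Extract every UNKNOWN CA event from the log text."""
    found = []
    for line in log_text.splitlines():
        m = UNKNOWN_CA.search(line)
        if not m:
            continue
        subject, _, issuer = m["dn"].partition(",")
        found.append(CertContext(m["ctx"], subject, issuer, m["root"].split(","), m["user"]))
    return found


def diagnose(c: CertContext) -> str:
    """Map the failed handshake context to the CFTSSL change that fixes it."""
    if c.self_signed and c.usercid not in c.rootcids:
        return (f"CTX={c.ctx}: {c.usercid} is self-signed but ROOTCID={c.rootcids} does not "
                f"include it; in CFTSSL set ROOTCID=USERCID={c.usercid}")
    if c.self_signed:
        return f"CTX={c.ctx}: ok, self-signed certificate {c.usercid} is its own trust anchor"
    return (f"CTX={c.ctx}: CFT found no ROOTCID in {c.rootcids} matching issuer {c.issuer_dn}; "
            f"load the issuing CA certificate and reference its ID in ROOTCID")
```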