CSQ0216E Message unprotection failed, reason 03353040

CSQ0216E …. CSQ0CGET Message unprotection failed,return code 8, reason 03353040
CSQ0217E … CSQ0CGET Failed to process object ‘signer’s certificate’

03353040 Self-signed certificate not in database.

Colin’s comments

For unprotection the signers certificate is validated against the xxxxAMSM userid’s keyring.

You can display information about a user’s certificate

RACDCERT LIST (LABEL(‘LINUXTESTUSER’)) ID(ADCDA)

You can list the ring contents using

RACDCERT LISTRING(drq.ams.keyring) ID(MQAMSID)

but this is not very helpful.

I have written a program checkAMS which displays a keyring, the owner of the certificate, and information about it.

  • Check the xxxxAMSM’s keystore/keyring to ensure it is present (it does not tell you which one is has a problem)
  • List the key, and compare the details with the originator, for example the start and end date, and if the certificate has been signed, the issuers DN, and certificate serial number.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s