CSQ0216E …. CSQ0CGET Message unprotection failed,return code 8, reason 03353040
CSQ0217E … CSQ0CGET Failed to process object ‘signer’s certificate’
03353040 Self-signed certificate not in database.
Colin’s comments
For unprotection the signers certificate is validated against the xxxxAMSM userid’s keyring.
You can display information about a user’s certificate
RACDCERT LIST (LABEL(‘LINUXTESTUSER’)) ID(ADCDA)
You can list the ring contents using
RACDCERT LISTRING(drq.ams.keyring) ID(MQAMSID)
but this is not very helpful.
I have written a program checkAMS which displays a keyring, the owner of the certificate, and information about it.
- Check the xxxxAMSM’s keystore/keyring to ensure it is present (it does not tell you which one is has a problem)
- List the key, and compare the details with the originator, for example the start and end date, and if the certificate has been signed, the issuers DN, and certificate serial number.