Hi Vince,
If there was nothing in the TSSOERPT then you need to open a case.
You can run a trace in the meantime and attach it to the case:
1. TSS ADD(acid) TRACE
2. TSS REFRESH(acid) JOBNAME(*)
3. TSS MODI(SECTRACE(ACT,WTL))
4. ST SET,ID=TSS2,TYPE=OMVS,FUNC=ALL, FORMAT=DUMP,USER=acid,DEST=SYSLOG,END
(issued on the console)
5. This will route all trace records to the MVS syslog....
6. Recreate the problem.
7. TSS MODI(SECTRACE(OFF))
8. ST DEL,ID=TSS2 (issued on the console)
9. TSS REM(acid) TRACE
The trace data is emailable, please email.
Also please include a listing of the certificate you are exporting along
with listings of the Certauth signing certificates in the chain.
Cheers,
~Eileen~
--
Eileen K. Becht
Sr. Support Engineer
Broadcom Inc.
Mainframe Division
(800)225-5224
--
This electronic communication and the information and any files transmitted
with it, or attached to it, are confidential and are intended solely for
the use of the individual or entity to whom it is addressed and may contain
information that is confidential, legally privileged, protected by privacy
laws, or otherwise restricted from disclosure to anyone else. If you are
not the intended recipient or the person responsible for delivering the
e-mail to the intended recipient, you are hereby notified that any use,
copying, distributing, dissemination, forwarding, printing, or copying of
this e-mail is strictly prohibited. If you received this e-mail in error,
please return the e-mail to the sender, delete it from your computer, and
destroy any printed copy of it.
Original Message:
Sent: 6/22/2022 4:11:00 PM
From: Vince Elliott
Subject: RE: pkcs12 certificate export failed
the fix was already applied. also attempted to run reports when error was encountered but nothing was listed.
Original Message:
Sent: Jun 22, 2022 03:03 PM
From: Eileen Becht
Subject: pkcs12 certificate export failed
Hi Vince,
Have you run the TSSUTIL and TSSOERPT as Joe mentioned?
If you have the fix applied then please run the reports and most likely you
are going to have to open a case.
As I mentioned we have a couple other cases with the same problem.
Not sure what the outcome is going to be, but I know one client did not
have the mentioned fix applied and that resolved their problem so I figured
I would check to see if that was also the case with you.
Cheers,
~Eileen~
--
Eileen K. Becht
Sr. Support Engineer
Broadcom Inc.
Mainframe Division
(800)225-5224
--
This electronic communication and the information and any files transmitted
with it, or attached to it, are confidential and are intended solely for
the use of the individual or entity to whom it is addressed and may contain
information that is confidential, legally privileged, protected by privacy
laws, or otherwise restricted from disclosure to anyone else. If you are
not the intended recipient or the person responsible for delivering the
e-mail to the intended recipient, you are hereby notified that any use,
copying, distributing, dissemination, forwarding, printing, or copying of
this e-mail is strictly prohibited. If you received this e-mail in error,
please return the e-mail to the sender, delete it from your computer, and
destroy any printed copy of it.
Original Message:
Sent: 6/22/2022 1:51:00 PM
From: Vince Elliott
Subject: RE: pkcs12 certificate export failed
I have been told that it was applied in 2021.
Original Message:
Sent: Jun 22, 2022 10:27 AM
From: Eileen Becht
Subject: pkcs12 certificate export failed
Hi Vince,
We have seen a few of these recently.
Can you please check that you have SO15869 applied?
Thanks!!
~Eileen~
Original Message:
Sent: Jun 21, 2022 04:09 PM
From: Vince Elliott
Subject: pkcs12 certificate export failed
Was able to resolve with CASECAUT TSSCMD authority.
At this time, able to export PK7 but again encountering issues with exporting certificate pk12 without access updates.
TSS EXPORT(CERTSITE) DIGICERT(certlbl)
DCDSN(filename) FORMAT(PKCS12B64) PKCSPASS(password)
TSS0301I EXPORT FUNCTION FAILED, RETURN CODE = 8
no violations listed when running reports
Current TSS r16
z/OS - r2.4
Original Message:
Sent: Feb 01, 2022 03:37 PM
From: Joseph Porto
Subject: pkcs12 certificate export failed
Vince,
Please make sure the dataset doesnt exist. The dataset must not be pre-allocated inorder for the TSS EXPORT to work.
Please make sure the admin issuing the command is authorized to access the dataset used in the DCDSN keyword.
Run a TSSUTIL and TSSOERPT to see if the user is getting any security violations.
Regards,
Joseph Porto - Broadcom Level 1 Support
Original Message:
Sent: Feb 01, 2022 02:42 PM
From: Vince Elliott
Subject: pkcs12 certificate export failed
attempting to export pks12 certificate. first attempt since upgrade to TSS r16. are certain rules required? using **** acid and receiving msg 'TSS0301I EXPORT FUNCTION FAILED, RETURN CODE = 8'id