IRRD156IKeyusage is incompatible with Key algorithm.
Keyusage is incompatible with Key algorithm.
Explanation
You are attempting to generate a certificate using either the RACDCERT TSO command or the R_PKIServ callable service. The KeyUsage value is not compatible with the key algorithm.
If
you are using the RACDCERT GENCERT command, the valid KeyUsages are:
- DSA
- HANDSHAKE
- DOCSIGN
- CERTSIGN
- RSA
- HANDSHAKE
- DOCSIGN
- CERTSIGN
- DATAENCRYPT
- ECC
- HANDSHAKE
- DOCSIGN
- CERTSIGN
- KEYAGREE
If you are using
the R_PKIServ callable service GENCERT, REQCERT, or MODIFYREQS, the
valid KeyUsages are:
- DSA
- DIGITALSIGNATURE (DIGITALSIG)
- NONREPUDIATION
- KEYCERTSIGN
- CRLSIGN
- RSA
- DIGITALSIGNATURE (DIGITALSIG)
- NONREPUDIATION
- KEYCERTSIGN
- CRLSIGN
- KEYENCIPHERMENT (KEYENCRYPT, KEYENCIPH)
- DATAENCIPHERMENT (DATAENCIPH)
- ECC
- DIGITALSIGNATURE (DIGITALSIG)
- NONREPUDIATION
- KEYCERTSIGN
- CRLSIGN
- KEYAGREE
System action
RACDCERT or R_PKIServ processing ends. RACF® prevents the request from completing.
User response
Select a different KeyUsage, generate a new PKCS #10 certificate, if applicable, or contact your system programmer or web page administrator.
Application Programmer Response
Modify the application invoking the R_PKIServ callable service to provide different KeyUsage values.
Web Page Administrator Response
If R_PKIServ is being invoked from the PKI Services CGIs, modify the certificate template definition in the pkiserv.tmpl file to provide different KeyUsage values in the <CONSTANT> section.