Symptoms
Consider the following scenario:
- The TN3270 Server service looks for an SSL certificate from a Public Key Infrastructure (PKI) provider.
- The SSL certificate has a requested common name.
In this scenario, the TN3270 Server service does not find the SSL certificate. Therefore, you cannot implement the SSL certificate.
When you examine a TN3270 Server service trace that is captured by using the SNA Trace utility, you may see the following trace lines:
Look for server auth cert with subject containing CN 'Sernername.Company.Com'
Find a certificate with required subject CN
Find Certificate in Store failed, error 0x80092004
Search 0 exhausted
Find a certificate with required subject CN
Find Certificate in Store failed, error 0x80092004
Search 1 exhausted
Failed to get certificate from the store
Cause
This issue occurs because the common name of the issued certificate uses CERT_RDN_UTF8_STRING encoding. If CERT_RDN_PRINTABLE_STRING encoding is used instead, the service finds the certificate.
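To check which encoding the common name of an issued certificate uses, the following added example (not code from Microsoft or from this article) walks a DER-encoded subject name and reports the string type of each CN attribute. The function names and the sample host name are constructed for illustration; the tag values 0x0C and 0x13 are the ASN.1 tags for UTF8String and PrintableString.

```python
CN_OID = bytes.fromhex("550403")  # OID 2.5.4.3 (commonName)
# ASN.1 universal tags mapped to the two encodings the article names.
STRING_TAGS = {0x0C: "CERT_RDN_UTF8_STRING", 0x13: "CERT_RDN_PRINTABLE_STRING"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield (tag, value) for each element inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def cn_encodings(name_der):
    """Return [(cn_text, encoding_name)] for every CN attribute in the Name."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("a Name must be a DER SEQUENCE")
    found = []
    for _, rdn in children(rdns):        # RelativeDistinguishedName (SET)
        for _, atv in children(rdn):     # AttributeTypeAndValue (SEQUENCE)
            (oid_tag, oid), (str_tag, raw) = list(children(atv))[:2]
            if oid_tag == 0x06 and oid == CN_OID:
                kind = STRING_TAGS.get(str_tag, "ASN.1 tag 0x%02X" % str_tag)
                found.append((raw.decode("utf-8", "replace"), kind))
    return found

def uses_utf8_cn(name_der):
    """True when any CN uses the encoding the unpatched lookup fails on."""
    return any(k == "CERT_RDN_UTF8_STRING" for _, k in cn_encodings(name_der))

def tlv(tag, value):  # builder for the constructed samples (short lengths only)
    return bytes([tag, len(value)]) + value

def sample_name(cn, str_tag):  # constructed one-RDN subject: CN=<cn>
    attr = tlv(0x30, tlv(0x06, CN_OID) + tlv(str_tag, cn.encode()))
    return tlv(0x30, tlv(0x31, attr))

if __name__ == "__main__":
    for str_tag in (0x0C, 0x13):
        print(cn_encodings(sample_name("tn3270.example.test", str_tag)))
```

On Windows, the subject bytes for a certificate are available in .NET as `X509Certificate2.SubjectName.RawData` and can be passed to `cn_encodings` unchanged.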
Resolution
Hotfix information
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website:
http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Prerequisites
You must have cumulative update package 10 for Microsoft Host Integration Server 2010 installed to apply this hotfix. For more information about how to get the cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:
2917398 Cumulative Update 10 for Host Integration Server 2010
More information
After you apply the hotfix, the TN3270 Server service tries both encodings when it searches for the certificate.
Cumulative update information
The fix for this problem is included in cumulative update package 3 for Host Integration Server 2013. For more information about how to get the cumulative update package, see Cumulative update package 3 for Host Integration Server 2013.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.