The error message SSF_KRN_SIGN_BY_AS with return code 5 indicates a signer error, i.e., the system cannot find the correct certificate to sign or to verify the signer of some digital signature. Unfortunately, often the application running into this error message does not identify itself, so it is up to "guess" where the problem originally comes from...
The reason for this problem can be:
- Missing or wrong configuration/customization
- Missing or wrong certificate
- Problems with security toolkit installation
What would be the steps to verify that?
- Check the PSEs in transaction STRUST used to digital signature. Look there if there is no expired certificate or any inconsistency in the PSEs.
- Check if there is any useless entry in transaction SSFA (in current client and client 000). From my experience, this is the most common I've faced dealing with customers.
Therefore, the main question to find that out would be:
What applications do you have in your system that are indeed making use of SSF? Make sure that they're maintained correctly and delete the applications which are not making use of SSF.
I hope this can be helpful for at least an initial analysis.
Guilherme de Oliveira.