When I issue a CHKCERT of certificate in a dataset I get error message ACF68025 Error parsing certificate: R15 = 12, reason/TRUNC = 4/80
search cancel

When I issue a CHKCERT of certificate in a dataset I get error message ACF68025 Error parsing certificate: R15 = 12, reason/TRUNC = 4/80

book

Article ID: 11178

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction



I am attempting to replace an expired certificate. The signed Certificate Signing Request (CSR) has been received from the Certificate Authority (CA) and put in a dataset. When a CHKCERT is issued against the certificate in the dataset, I get the error message ACF68025 Error parsing certificate: R15 = 12, reason/TRUNC = 4/80.

Environment

Release:
Component: ACF2MS

Resolution

The combined lengths of the serial number and issuer's Distinguishe Name (DN) in the certificate are greater than 246. That limit of 246 is the maximum that the z/OS External Security Manager (ESM) products (ACF2, Top Secret, and RACF) support for digital certificates. It is necessary to go back to the signing CA to get an issuer that has a shorter DN.