I am attempting to replace an expired certificate. The signed Certificate Signing Request (CSR) has been received from the Certificate Authority (CA) and put in a dataset. When a CHKCERT is issued against the certificate in the dataset, I get the error message ACF68025 Error parsing certificate: R15 = 12, reason/TRUNC = 4/80.
The combined lengths of the serial number and issuer's Distinguishe Name (DN) in the certificate are greater than 246. That limit of 246 is the maximum that the z/OS External Security Manager (ESM) products (ACF2, Top Secret, and RACF) support for digital certificates. It is necessary to go back to the signing CA to get an issuer that has a shorter DN.