The SMP/E Internet Retrieval root certificate is going to expire on 8/22/2018 and needs to be replaced.

 

Release:
Component: TSSMVS

The new SMP/E Internet Retrieval Certificate can be found at:

https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/geotrust/root/DigiCertGlobalRootCA.pem

IBM  notes about the certificate:
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/5cb5ed706d254a8186256c71006d2e0a/bdee3c698260c970852582170066c99f/$FILE/New%20Certificate%20Authority.pdf

Here are sample commands to replace the expiring GEOTRUST certificate with the new version. 

1. Rename the LABLCERT of the expiring certificate since duplicate LABLCERTs are not allowed: 
TSS REP(CERTAUTH) DIGICERT(GEOTRUST) LABLCERT(EXPIREDCERT) 
2. Add the new GEOTRUST certificate to the security file using the old LABLCERT. 
TSS ADD(CERTAUTH) DIGICERT(GEOTRST2) LABLCERT(CERTAUITH.GEOTRUST) 
3. Remove the old GEOTRUST certificate from the keyring: 
TSS REM(JOE) KEYRING(SMPRING) RINGDATA(CERTAUTH,GEOTRUST) 
3. Add the new GEOTRUST certificate to the keyring" 
TSS ADD(JOE) KEYRING(SMPRING) RINGDATA(CERTAUTH,GEOTRST2) USAGE(CERTAUTH) 

Please substitute your DIGICERT and LABLCERT name in the commands above.