Inserted a new Server certificate in P7B/PKCS#7 Format and when starting the tomcat server the following error is received:
Caused by: java.lang.IllegalArgumentException: The private key of TOMCATPR.MVSTECH is not available or no authority to access the private key
Caused by: java.io.IOException: The private key of TOMCATPR.MVSTECH is not available or no authority to access the private key
.at com.ibm.crypto.provider.RACFInputStream.getEntry(Unknown Source)
Release : 16.0
Component : CA ACF2 for z/OS
The errors can occur if the new server certificate does not have a private key.
If a certificate has a private key the CHKCERT display would include:
Private Key Type:
Private key bit size:
And the CERTDATA record would include KEYSIZE(xxxx), for example:
CERTDATA / LDAPR151.CERT LAST CHANGED BY USER010 ON 08/06/19-14:33
dcom.C=US) KEYSIZE(2,048) LABEL(MyServer) SERIAL#(02)
A P7B/PKCS#7 Format file/certificate does not contain a private key. A new server certificate would need to be obtained from a PFX/P12/PKCS#12 Format file/certificate which would include the certificates and the private key.