SMP/E to download Broadcom maintenance getting GIM69221W or GIM69181S on ACF2 protected system
search cancel

SMP/E to download Broadcom maintenance getting GIM69221W or GIM69181S on ACF2 protected system

book

Article ID: 140769

calendar_today

Updated On:

Products

ACF2 ACF2 - z/OS ACF2 - MISC

Issue/Introduction

Certificates used for Broadcom SMP/E product maintenance downloads are valid for one year. Client will get SMP/E warning message:

"GIM69221W  CERTIFICATE ACF2 SMPE CERT WILL EXPIRE WITHIN 30 DAYS" prior to the certificates expiration date

or

"GIM69181S ** RECEIVE PROCESSING HAS FAILED. THE CLIENT CERTIFICATE HAS EXPIRED."

This article provides ACF2 instructions to renew the certificate.

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

  1. Go to the Generate Order Certificate page within the Broadcom Support Portal. If not signed on, users will be prompted for Broadcom Support Portal credentials. Log in with a valid Broadcom Support Portal email and password and follow the prompts to generate a new certificate.

  2. Upload the newly generated certificate as text data to your z/OS system in RECFM=VB and LRECL>=84 ASCII format.

    Note: When uploading the certificates to z/OS be sure the appropriate “WRAP” parameter is specified so that the data is wrapped to the next record if no new line character is encountered before the logical record length of the receiving file is reached.

    For example the Windows Command Prompt can be used to FTP the user certificate from a Windows PC to z/OS. Use the following sample FTP commands to avoid truncation:
     
             FTP host.name
             User (host.name:(none)): user001
             331 Send password please.
             Password: xxxxxxxx
             ASCII  QUOTE SITE WRAP LRECL=84 RECFM=VB
             PUT ca-receive-order.cer 'user.mvs.dataset.name' (REPLACE
             quit

  3. REMOVE the certificate that will be expiring from the KEYRING

            SET PROFILE(USER) DIV(KEYRING)
            REMOVE CERTDATA(user1.cert) KEYRING(user1.ring)
     
  4. If you are going to INSERT the new certificate with the same certificate CERTDATA record name, EXPORT the certificate that is about to expire as backup. Specify a PASSWORD on the export command to have the certificate private key backed up as well. After a successful EXPORT, DELETE the certificate.

            SET PROFILE(USER) DIV(CERTDATA)
            EXPORT user1.cert DSN('user1.cert.backup') PASSWORD(password)
            DELETE user1.cert

  5. INSERT the new user certificate. On the INSERT be sure to specify the same LABEL name as the previous user certificate. Use the same password that was used during certificate generation in step 1.

          SET PROFILE(USER) DIV(CERTDATA)
          INSERT user1.cert DSN('user.mvs.dataset.name') LABEL(user1.cert.label) PASSWORD(password)
     
  6. Connect the new certificate to the KEYRING.

         SET PROFILE(USER) DIV(KEYRING)
         CONNECT CERTDATA(user1.cert) KEYRING(user1.ring
Powered by Wolken Software