Change certificate SUBJDN gets ACF00103 NOT AUTHORIZED TO CHANGE FIELD SUBJDN

book

Article ID: 143666

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

The command  attempted was

SET PROFILE(USER) DIVISION(CERTDATA)
CHANGE  WZZZZ1.CERT1 SUBJDN(CN=ZIPSS11.QWDDK.NA)
Error received was ACF00103 NOT AUTHORIZED TO CHANGE FIELD SUBJDN  

Environment

Release : 16.0
Component : CA ACF2 for z/OS

Resolution

The CHANGE command for the CERTDATA profile record can only change active date, expire date, label or trust status. The only way to change the SUBJDN of a existing certificate is to re-GENCERT of the certificate.

The section: 'Changing CERTDATA Profile Records' under the 'CHANGE' command correctly documentation the CHANGE command in regards to the CERTDATA Profile Record:

Issue the following command to enter profile administration mode.

set profile(user) div(certdata)

Issue  the CHANGE command to change only the following fields in the CERTDATA profile record:
active date - [active(date)]
expire date - [expire(date)]
label - [newlabel(label)]
trust status - [hitrust | trust | notrust]