Why does a CHKCERT fail with message "ACF68076 Unsupported KEY algorithm. Cannot CHKCERT the certificate" ?
The ACF68076 Unsupported KEY algorithm. Cannot CHKCERT the certificate" error is an indication that the certificate file on z/OS is not in the correct format for a certificate. This is most likely caused by FTPing the certificate to z/OS in the wrong format. Depending on how the certificate package was created, it could be in binary format or ASCII format. You may want to trying re-FTPing the certificate in the other format ASCII/BINARY and then re-try the CHKCERT command.
ACF2 supports the INSERT of certificates in the following format:
- certificate encoded using the X.509 Distinguished Encoding Rules (DER).
- certificate encoded using the standard X.509 base-64 encoding
- certificate DER-encoded PKCS#12 certificate package
- certificate DER-encoded then base-64 encoded PKCS #12 certificate package
- certificate DER encoded PKCS 7 certificate package
- certificate base-64 encoded PKCS 7 certificate package
To correct the error:
QUOTE SITE WRAP LRECL=84 BLKSIZE=27998 RECFM=VB
PUT cert_file_name ‘z/OS dataset name’ (REPLACE