When trying to GENREQ a cert, getting

ACF                                                       
Set profile(user) div(certdata)                                   

genreq SITECERT.NDM dsname('CSA05.SITECERT.NDM.GENREQ')  

ACF68037 This certificate does not have a private key             

 

 

Release : 16.0
Component : CA ACF2 for z/OS

The GENREQ and REKEY commands require a certificate that contains a private key. This is because the GENREQ command is used to create a certificate request(CSR) to send to a Certificate Authority(CA) to have the certificate RENEWed or resigned. The CA will sign and/or renew the certificate, send it back and then  an INSERT(replace) of the certificate that you GENREQ'd. If the certificate does not have a private key then the certificate cannot be renewed or re-signed. 

In order to do the GENREQ either a copy of the certificate in question needs to be located that has the private key or a new certificate will need to be created(GENCERT).