ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ACF2 GENREQ gets ACF68037 This certificate does not have a private key

book

Article ID: 144800

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction

When trying to GENREQ a cert, getting

ACF                                                       
Set profile(user) div(certdata)                                   

genreq SITECERT.NDMFD07 dsname('CSA05.SITECERT.NDMFD07.GENREQ')  

ACF68037 This certificate does not have a private key             

 

 

Environment

Release : 16.0
Component : CA ACF2 for z/OS

Resolution

The GENREQ and REKEY commands require a certificate that contains a private key. This is because the GENREQ command is used to create a certificate request(CSR) to send to a Certificate Authority(CA) to have the certificate RENEWed or resigned. The CA will sign and/or renew the certificate, send it back and then  an INSERT(replace) of the certificate that you GENREQ'd. If the certificate does not have a private key then the certificate cannot be renewed or re-signed. 

In order to do the GENREQ either a copy of the certificate in question needs to be located that has the private key or a new certificate will need to be created(GENCERT).