ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ACF2 GENREQ gets ACF68037 This certificate does not have a private key


Article ID: 144800


Updated On:


ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC


When trying to GENREQ a cert, getting

Set profile(user) div(certdata)                                   


ACF68037 This certificate does not have a private key             




Release : 16.0
Component : CA ACF2 for z/OS


The GENREQ and REKEY commands require a certificate that contains a private key. This is because the GENREQ command is used to create a certificate request(CSR) to send to a Certificate Authority(CA) to have the certificate RENEWed or resigned. The CA will sign and/or renew the certificate, send it back and then  an INSERT(replace) of the certificate that you GENREQ'd. If the certificate does not have a private key then the certificate cannot be renewed or re-signed. 

In order to do the GENREQ either a copy of the certificate in question needs to be located that has the private key or a new certificate will need to be created(GENCERT).