ACF2 GENREQ gets ACF68037 This certificate does not have a private key

book

Article ID: 144800

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

When trying to GENREQ a cert, getting

ACF                                                       
Set profile(user) div(certdata)                                   

genreq SITECERT.NDMFD07 dsname('CSA05.SITECERT.NDMFD07.GENREQ')  

ACF68037 This certificate does not have a private key             

 

 

Environment

Release : 16.0
Component : CA ACF2 for z/OS

Resolution

The GENREQ and REKEY commands require a certificate that contains a private key. This is because the GENREQ command is used to create a certificate request(CSR) to send to a Certificate Authority(CA) to have the certificate RENEWed or resigned. The CA will sign and/or renew the certificate, send it back and then  an INSERT(replace) of the certificate that you GENREQ'd. If the certificate does not have a private key then the certificate cannot be renewed or re-signed. 

In order to do the GENREQ either a copy of the certificate in question needs to be located that has the private key or a new certificate will need to be created(GENCERT).