When can I remove expired keyring certificates? Will it cause failures or just keep working? Will jobs fail if I remove them from the keyring after they expire if they are still usable?


Article ID: 14842


Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC, CA PanApt, CA PanAudit

Issue/Introduction

There are keyrings that have expired certificates on them.



When can I remove expired keyring certificates? Will it cause failures or just keep working? Will jobs fail if I remove them from the keyring after they expire if they are still usable?

Environment

Release:
Component: ACF2MS

Resolution

Expired certificates will not cause a problem if they are left on the keyring. Digital certificates can, however, be used to encrypt data or tapes, so if you remove a certificate that was used for encryption too soon after it has expired, you will get a job failure. Before removing expired certificates, determine whether your shop has used digital certificates in that way. If it has, find out when the data will next be decrypted. After that time, the new certificate will be used to encrypt the data and the old certificate can be removed.