What is the difference between the certificate EXPIRE date and the 'Not valid after' validity date?

book

Article ID: 16701

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction



What is the difference between the certificate EXPIRE date and the 'Not valid after' validity date?

Environment

Release:
Component: ACF2MS

Resolution

EXPIRE date is not the same as the 'Not valid after' validity date in the certificate itself. The EXPIRE date gives the security administrator the ability to specify when the profile record associating the user to the certificate expires. This date must fall in the range of the certificate's  'Not valid before' and  'Not valid after' validity dates and must be later than the CERTDATA record activation date, if one exists. Once this EXPIRE date is reached the certificate will not be returned from a  R_datalib request. Note that a certificate with no EXPIRE date and a 'Not valid after' validity date that has past will be returned from a R_datalib request, it is up to the application to determine how/if the certificate will be used.