Replaced a digital certificate in MQ and get a CSQX686E error message that states the certificate has no private key or the private key is not available. It also states to ensure the private key associated with the certificate used is available.
How do you check if the private key is available?
And if it not available how do we make it available.
Also if available, how do you get a new private key for the certificate?
Release : 16.0
Component : CA Top Secret for z/OS
1. Replaced a digital certificate in MQ and get a CSQX686E error message that states the certificate has no private key or the private key is not available. It also states to ensure the private key associated with the certificate used is available.
Answer:
The TSS ADD command to add the signed certificate and re-unite it with its private key was issued on the wrong system.
2. How do you check if the private key is available?
Answer:
The private key is present if a PRIVATE KEYSIZE is displayed when listing the certificate via TSS LIST(xxxxx) DIGICERT(xxxxxx) command.
3. And if it not available how do we make it available.
Answer:
You need to TSS GENREQ the certificate, send it out to be signed, then add the signed certificate back to the security file on the right system and on the same owning acid. Use a DIGICERT name and LABLCERT name that currently doesn't exists, since duplicate names are not allowed in Top Secret.