Is it possible to work out which certificates in the ACF2 database are being used and which are not?
Release: 16.0
Component: CA ACF2 for z/OS
There is no way to ascertain whether a certificate has been used at some time in the past.
A "sectrace type=OMVS sfunc=rdatalib" command can be used to trace an application and see which certificates are used at the time of the trace.
The SAFCRRPT report can be used to display all certificates that are active (available to be used) or those that are expired (cannot be used).
To test whether a specific certificate is being used, change its trust status to NOTRUST. This prevents the certificate from being returned when a client or server task requests certificates from a keyring.
For example:
Change the certificate to NOTRUST, then stop and restart the server or client task. Certificates marked NOTRUST are not returned when a keyring's certificates are retrieved during server or client task initialization (R_datalib calls). This can be done as follows:
ACF
SET PROFILE(USER) DIV(CERTDATA)
CHANGE user001.cert NOTRUST
F ACF2,REBUILD(USR),CLASS(P)
F ACF2,OMVS
Stop and restart the server or client task.