We are in the process of setting up a server.  Our current setup only has a trust store, and they would like to look into the option of setting up a keystore in addition to the trust store so we want to see what they benefits would be and if any special setup is required. 

Also we are making a connection to Azure so we have certs installed from Microsoft who have the habit of making changes to and invalidating their certs at a moments notice.  Is there anyway to setup any kind of alerts if a cert is going to be invalidated like we have the alerts for the expiring certs.

Release : 16.0

Component : CA ACF2 for z/OS

ACF2 doesn't recognize any keystore or trust store. For ACF2 to recognize a certificate it must be inserted into the ACF2 database. ACF2 does not have a way of saying that a certificate is invalid, other than failing the connection process. At which point update the certificate needed to restore the connection.