Trying to setup a keystore, what needs to be done for ACF2?


Article ID: 198829


Updated On:


CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA LDAP Server for z/OS CA PAM Client for Linux for zSeries CA Web Administrator for Top Secret


We are in the process of setting up a server.  Our current setup only has a trust store, and they would like to look into the option of setting up a keystore in addition to the trust store so we want to see what they benefits would be and if any special setup is required. 

Also we are making a connection to Azure so we have certs installed from Microsoft who have the habit of making changes to and invalidating their certs at a moments notice.  Is there anyway to setup any kind of alerts if a cert is going to be invalidated like we have the alerts for the expiring certs.


Release : 16.0

Component : CA ACF2 for z/OS


ACF2 doesn't recognize any keystore or trust store. For ACF2 to recognize a certificate it must be inserted into the ACF2 database. ACF2 does not have a way of saying that a certificate is invalid, other than failing the connection process. At which point update the certificate needed to restore the connection.