Issue accessing a changed keyring for PAGENT after keyring update?

book

Article ID: 211671

calendar_today

Updated On:

Products

CA ACF2 - z/OS

Issue/Introduction

Added new certificates to a keyring and performed a rebuild in acf2

we have a production sysplex that has 4 lpars. The following ACF commands were issued on all LPARs:

F ACF2,REBUILD(USR),CLASS(P)
F ACF2,OMVS

Afterwards, the z/os policy agent rule was updated to use the new certificate label. Everything was fine on three of the lpars, but on one lpar started to get initial handshake RC 6 errors, which eventually after a number of hours went away.

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

After updating certificates used in the PAGENT process ensure that the following ACF2 commands are issued on all connected systems:

F ACF2,REBUILD(USR),CLASS(P)
F ACF2,OMVS 

Also, consider any updating or refreshing needed from the PAGENT product to make the changes available to PAGENT policies.