How can I find out all of the notrust certificates in ACF2?
Release : 16.0
Component : CA PAM Client for Linux for zSeries
Use the SAFCRRPT utility. This utility will let you specify TRUST or NOTRUST, which will display only the certificates that have either TRUST or NOTRUST status.
An example, minus the jobcard would be:
//SAFRPTCR EXEC PGM=SAFCRRPT,REGION=64M
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
RECORDID(-) SUMMARY NOTRUST
https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/reporting/other-ca-acf2-utilities.html