If a new CERTAUTH certificate is added to ACF2, what needs to be done to refresh the AT-TLS policy agent to activate the new certificate within the virtual keyring?
Release : 16.0
Component : CA ACF2 for z/OS
If a new CERTAUTH certificate is added to a virtual keyring and the AT-TLS policy points to that virtual keyring, as shown below as an example:
This is a case where a change is made but is not reflected as a change in the policy action: the certificate is added to the keyring, but the keyring name in the policy file stays the same. Simply refreshing the pagent policy will not refresh the AT-TLS environment in this case.
A forced refresh of AT-TLS is needed, and it is triggered by changing some parameter. The EnvironmentUserInstance parameter can be used for this purpose. Incrementing the instance number forces a refresh of AT-TLS without changing any of the security parameters.
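The following policy fragment illustrates the change described above. It is an added example, not taken from the original article or from Broadcom or IBM documentation; the statement names `eActVirtRing` and `kyrVirtAuth` and the instance values are hypothetical.

```text
# Constructed AT-TLS policy fragment (names and values are illustrative).
TTLSEnvironmentAction            eActVirtRing
{
  HandshakeRole                  Client
  TTLSKeyringParmsRef            kyrVirtAuth
  # Before the certificate was added this read:
  #   EnvironmentUserInstance    1
  # Only this value is incremented; no security parameter changes.
  EnvironmentUserInstance        2
}

TTLSKeyringParms                 kyrVirtAuth
{
  # CERTAUTH virtual keyring. The name stays the same when a new
  # CERTAUTH certificate is added, so the policy itself looks unchanged.
  Keyring                        *AUTH*/*
}
```

After saving the change, refresh the Policy Agent as usual (for example `F PAGENT,REFRESH`, assuming the started task is named PAGENT) so the environment is rebuilt and the keyring contents are read again.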