Which ACF2 entries are stored in the PKDS, and is a PKDS record created when issuing GENCERT or INSERT of a signed certificate?
Environment
Release : 16.0
Component : ACF2 for z/OS
Resolution
Public or private keys are stored in the ICSF PKDS.
If the certificate has PKDSLBL(xxxxxxxx) specified, then when INSERTing this certificate, ACF2 will try to associate the certificate with the ICSF database.
If there is no PKDSLBL, then the public key should be included in the certificate file itself that is being INSERTed.
If you import a signed certificate that has keys in the ICSF PKDS, you need to ensure that the PKDSLBL (PKDS label) of the certificate being imported points to a PKDS label in the ICSF PKDS. In other words, if you want to copy a certificate from LPAR a to LPAR b, you will need to first copy the keys that are stored in LPAR a over to LPAR b, and then export the certificate from LPAR a and INSERT (import) the certificate on LPAR b.
If you are copying the ACF2 database, you will need to ensure that any keys associated with certificates in the ACF2 databases (based on each certificate's PKDSLBL parameter) are copied first, and then copy the ACF2 databases.