When an ACF2 user attempts to register their digital certificate automatically to the ACF2 database using a site created script that calls IBM's initACEE callable service (IRRSIA00), they receive an error and are unable register their certificate:
SELFREG: Internal SAF error
The following is seen in the joblog for the time of the error:
EDC5143I No such process. (errno2=0x0BE8044C)
SAF authentication failure for "/.../certregister.rexx": SAFRunAs failure on switching SAF UID to name in SSL certificate (%%CERTIF%%).
pthread_security_applid_np(...) returned -1, errno 143 errno2 be8044c
It's been confirmed that the user has access to IRR.DIGTCERT.ADD in the FACILITY class and has access to the OMVSAPPL APPLID. What is causing this error?
Release : 16.0
Component : ACF2 for z/OS
When an internal error such as this occurs, the easiest way to diagnose is to perform the task manually within ACF2. Doing this will reveal the ACF2 error message stating what the problem is. Manually inserting the certificate resulted in a ACF0A025 INSUFFICIENT SPACE IN DATABASE TO COMPLETE REQUEST.
A LISTCAT of the INFOSTG database revealed that the database was full. Expanding the INFOSTG database resolved the ACF0A025 error and allowed for automatic certificate registration to resume.
Note that the ACFRPTOM report revealed the following error, but does not indicate what the internal error is:
initACEE TESTUSR TESTGRP xxxxxxxxxx xxxxxxxxxx 8 8 8
03/01/22 22.060 7.46.23 TESTUSR ABC ABC
Failed - An internal error occurred during security processing
Function: Reg Cert Attribute flags: 00000000
Userid: Applid: OMVSAPPL
Password: NO Passphrase: NO Certificate: YES ACEE Addr: NO
An OMVS SECTRACE and MVS SECTRACE did not reveal anything additional as to what the internal error was. The RV report showed that access to the required resources was being granted.