Extract certificate for renewal with the ACF2 GENREQ command getting:
CAS20EDE Operation GENREQ cannot be performed - User is not defined as OMVS user.

GENCERT of a certificate getting:
CAS20EDE Operation GENCERT cannot be performed - User is not defined as OMVS user

Component : ACF2 for z/OS

In order to issue the GENCERT command the logonid that is issuing the command must be defined to OMVS. The logonid must have a UID and GID assigned. With ACF2 UID and GID are assigned by ACF2 USER Profile records. UIDs and GIDs can be auto-assigned however, this is optional and must be configured. Also note that in order to issue the GENCERT command the logonid needs security authorization by either having SECURITY, Scoped SECURITY or access to the ACFCMD.DIGTCERT.command resource rules in the CASECAUT class as indicated in Command Authorization Requirements.

The following can be done to determine if the logonid is defined to OMVS:

1. For the following commands testlid is the logonid that is issuing the GENCERT command.
   
   ACF
   LIST testlid PROFILE(OMVS)
   LIST testlid
   
   
2. From the display of the second LIST command above look for the 'RESTRICTIONS' section
   
   RESTRICTIONS         GROUP(TESTGRP) PREFIX(USER001)
   
   Note the GROUP field, in the above group TESTGRP.
   
   
3. Next issue the following commands to check the GROUP:
   
   ACF
   SET PROFILE(GROUP) DIV(OMVS)
   LIST TESTGRP

To address the error ensure that the logonid issuing the command has an OMVS User Profile record defined with a UID and the GROUP field on the logonid that has a GID defined.