After inserting a renewed client certificate into ACF2, connecting and rebuilding the keyring in ACF2, and performing an SSL refresh in Connect:Direct, the following error is seen when trying to test the new certificate:
CSPA202E SSL handshake failure, reason=Internal error reported by
CSPA202E remote partner
Release: 16.0
Component: ACF2 for z/OS
When the renewed certificate, signed by a third-party CA, was INSERTed, its LABEL was changed in ACF2 but not on Connect:Direct. After the label was changed back to its pre-INSERT value with the NEWLABEL parameter and an SSL refresh was performed on Connect:Direct, the SSL/TLS connection was allowed.
NEWLABEL examples:
SET P(USER) DIV(CERTDATA)
CHA TESTUSR LABEL(AccidentalChange) NEWLABEL(OriginalLabel) << LABEL parameter must be specified if the record key does not have a suffix
CHA TESTUSR.CERT1 NEWLABEL(OriginalLabel) << LABEL parameter does not need to be specified for a record key with a suffix
F ACF2,REBUILD(USR),CLASS(P)
F ACF2,OMVS(CERTDATA)