Duplicate digital certs with different ISSUERDN in ACF2
search cancel

Duplicate digital certs with different ISSUERDN in ACF2

book

Article ID: 246465

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Can two certificates for mvsdev.abcstoret,com with different issuers exist in the ACF2 database?  Would the certificates be a duplicate?

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

There can be two certificates for mvsdev.abcstoret.com which will have different issuers, if the two certificates are owned by the same logonid the certificates would need to have different labels.

Here is an example of two certificates owned by logonid ELADD with the same SUBJDN with different ISSUERDSs:

GENCERT ELADD.CERT1 SUBJ(CN=‘mvsdev.abcstoret.com’ OU=‘MyCo’ C=US) LABEL(ELAServer) SIGNWITH(certauth Label(LocalELA1 CA))                                       
  CERTDATA / ELADD.CERT1 LAST CHANGED BY USER002 ON 07/18/22-10:57              
                       ISSUERDN(CN=ELA1CA.OU=Auditing Department.O=Company Name.
                       C=US) KEYSIZE(2,048) LABEL(ELAServer) SERIAL#(02)        
                       SUBJDN(CN=mvsdev.abcstoret.com.OU=MyCo.C=US) TRUST        
  Certificate is not connected to any key rings                                 
 PROFILE                                                                        
GENCERT ELADD.CERT2 SUBJ(CN=‘mvsdev.abcstoret.com’ OU=‘MyCo’ C=US) LABEL(ELAServer2) SIGNWITH(certauth Label(LocalELA2 CA))                                      
  CERTDATA / ELADD.CERT2 LAST CHANGED BY USER002 ON 07/18/22-10:57              
                       ISSUERDN(CN=ELA2CA.OU=Auditing Department.O=Company Name.
                       C=US) KEYSIZE(2,048) LABEL(ELAServer2) SERIAL#(03)       
                       SUBJDN(CN=mvsdev.abcstoret.com.OU=MyCo.C=US) TRUST        
  Certificate is not connected to any key rings      

Powered by Wolken Software