The SAFCRRPT Certificate Utility is used to display the certificate hierarchy in your database. Optionally, it will display each certificate, its signing certificate, the certificates that it has signed, and all of the information provided with the CHKCERT and LIST commands.

When running the SAFCRRPT certificate utility to display the certificate hierarchy in our Top Secret Security File, we received message:

CAS2525E Not authorized to run the utility

The signed on acid has READ access to IBMFAC(IRR.DIGTCERT.LIST) and IBMFAC(IRR.DIGTCERT.LISTRING).

However, the CA Top Secret violation report indicates UPDATE is needed for IBMFAC(IRR.DIGTCERT.LIST).

If the certificates are not obtained from a KEYRING, then UPDATE access to:

IBMFAC(IRR.DIGTCERT.LIST)

is required to run the report.