When encountering problems setting up digital certificates and keyrings. What certificate documentation is usually required to debug/diagnose the problem?

Typically when a site contacts CA-ACF2 support regarding problems related to digital certificates there is specific documentation that is requested to diagnose the problem.

The following list describes the documentation that is typically requested when diagnosing problems related to digital certificates and keyrings.

1. The Server log showing the error messages related to the KEYRING/certificates.
   
   
2. A LIST of the KEYRING that is being used, for example:
   
   ACF
   SET PROFILE(USER) DIVISION(KEYRING)
   LIST userid.suffix
   
   
3. A CHKCERT DUMP of each certificate in the KEYRING, for example:
   
   ACF
   CHKCERT userid.cert 
     or just a CHKCERT of the PERSONAL|SERVR|CLIENT certificate with the CHAIN parameter which will return, verify and list the complete signing chain of CERTAUTH certificates.
   CHKCERT userid.cert CHAIN
   
   
4. The application's parameter list specification that points to the KEYRING.
   
   
5. Any violations in the ACFRPTRV report for the resource class FACILITY and RDATALIB that are related to the failing application.
   
   
6. ACF2 OMVS SECTRACE, this must be set prior to the start of the application STC. The ACF2 UNIX System Service (OMVS) SECTRACE output default destination is the system console.
   
   To set OMVS SECTRACE from the console:
   
   SECTRACE SET,ID=mytrace,,TYPE=OMVS,SFUNC=RDATALIB,END
   
   To delete/disable the OMVS SECTRACE after re-creating the problem from the console:
   
   SECTRACE DELETE,ID=mytrace