When encountering problems setting up digital certificates and keyrings. What certificate documentation is usually required to diagnose the problem?
searchcancel
When encountering problems setting up digital certificates and keyrings. What certificate documentation is usually required to diagnose the problem?
book
Article ID: 26651
calendar_today
Updated On: 10-06-2023
Products
ACF2ACF2 for zVMACF2 - z/OSACF2 - MISC
Issue/Introduction
When encountering problems setting up digital certificates and keyrings. What certificate documentation is usually required to debug/diagnose the problem?
Environment
Release: Component: ACF2MS
Resolution
Typically when a site contacts CA-ACF2 support regarding problems related to digital certificates there is specific documentation that is requested to diagnose the problem.
The following list describes the documentation that is typically requested when diagnosing problems related to digital certificates and keyrings.
The Server log showing the error messages related to the KEYRING/certificates.
A LIST of the KEYRING that is being used, for example:
ACF SET PROFILE(USER) DIVISION(KEYRING) LIST userid.suffix
A CHKCERT DUMP of each certificate in the KEYRING, for example:
ACF CHKCERT userid.cert or just a CHKCERT of the PERSONAL|SERVR|CLIENT certificate with the CHAIN parameter which will return, verify and list the complete signing chain of CERTAUTH certificates. CHKCERT userid.cert CHAIN
The application's parameter list specification that points to the KEYRING.
Any violations in the ACFRPTRV report for the resource class FACILITY and RDATALIB that are related to the failing application.
ACF2 OMVS SECTRACE, this must be set prior to the start of the application STC. The ACF2 UNIX System Service (OMVS) SECTRACE output default destination is the system console.