Can Elliptic Curve Digital Signature Algorithm (ECDSA) certificates be imported into the ACF2 INFOSTG database? Will it work on an LPAR with ACF2 where ICSF is not active?

ACF2 does support ECDSA certificates, and they can be imported in PKCS#12 (DER/B64), PKCS#7 (DER/B64) or CERT (DER/B64) formats. However, ICSF must be active on the LPAR where the INSERT is performed.

Even if the private-public keypair is generated outside of ACF2, ACF2 requires ICSF PKCS #11 functions to validate the elliptic curve algorithm signature during the import process. If ICSF is not active at the time of the INSERT command, the process will fail with error: ACF00128 The certificate being processed does not have a valid signature.