Users may receive the following warning message during SMP/E RECEIVE processing, indicating that a certificate for Internet Service Retrieval is nearing expiration:

GIM69221W CERTIFICATE CA Receive Order WILL EXPIRE WITHIN [N] DAYS.

After generating and uploading new certificates (such as Broadcom User Certificates and DigiCert Roots) to the security product (RACF, ACF2, or Top Secret), users need a reliable method to verify that the new configuration is valid and will function correctly.

Common Components and Services for z/OS 15.0

The existing CA Receive Order user certificate is approaching its expiration date. While new certificates may be correctly added to the External Security Manager (ESM) and connected to the SMP/E keyring, users require functional evidence of their validity.

The most effective way to verify that a certificate is active and correctly configured in the keyring is to submit a functional test job.

Functional Verification via SMP/E

1. Submit an SMP/E RECEIVE ORDER job.
2. To minimize the amount of data downloaded, request a specific PTF or use the CONTENT(HOLDDATA) operand. For example:
    

    

   RECEIVE ORDER(CONTENT(HOLDDATA))FORTNID(GLOBAL).

3. Review the SMPOUT DD.
   • If the job completes without the GIM69221W warning or GIM69207S errors, the configuration is valid and using the new certificate.
   • If errors occur, verify that the ORDERSERVER XML points to the correct keyring and that the new certificate labels match those defined in your security product.