What is the ACF2 command that will enable a certificate label to be changed?

Issuing CHANGE command gets error message ACF6D044:

ACF
SET PROFILE(USER) DIV(CERTDATA)
CHANGE USER01.CERT LABEL(User01NewLabel)
ACF6D044 CONFLICTING OPERANDS
END

Release: R16
Component: ACF2MS

The TSO ACF command processor can be used to change a certificate's label.

The syntax of the CHANGE command to change the LABEL of a certificate is CHANGE recid NEWLABEL(label).

For example:

ACF
SET PROFILE(USER) DIV(CERTDATA)
CHANGE USER01.CERT NEWLABEL(User01NewLabel)
END

After a CHANGE of a certificate, issue the following rebuild commands:

F ACF2,REBUILD(USR),CLASS(P)
F ACF2,OMVS

After this is complete, the task using the keyring will need to refresh its SSL/TLS environment in order to pick up the new label. Some programs have SSL/TLS refresh commands, and others require a restart of the address space. AT-TLS requires a policy refresh to re-drive the call to get keyring and certificate information.

Details about Digital Certificates in ACF2 can be found in Techdocs.Broadcom.com Digital Certificate Support.