The following error message is seen when trying to INSERT a digital certificate into ACF2:

ACF00178 INVALID CERTIFICATE DATA - LENGTH 

Why is this occurring?

Release: R16
Component: ACF2MS

The error is typically due to the certificate being a PKCS #10 request which is a Certificate Signing Request (CSR). A PKCS #10 request cannot be INSERTed and is not supported by a CHKCERT command because it is a certificate request, not a certificate. The ACF2 INSERT command can be used to INSERT X.509 certificate, a PKCS #7 chain of certificates, or a PKCS #12 chain of certificates with a private key.

Once the certificate request is signed by a CA the certificate can be INSERTed into the ACF2 database, or it can be verified by the ACF2 CHKCERT command.

An ACF2 CHKCERT against a CSR will result in the ACF68069 message:

ACF68069 The input data set contains a PKCS #10 request

An ACF2 INSERT of a CSR will result in the ACF00178 message:

ACF00178 INVALID CERTIFICATE DATA - LENGTH

Note, the ACF2 GENREQ command is used to create a CSR. The CSR can be sent to an external or local CA to have the CSR signed, and the signed certificate can then be INSERTed into the ACF2 database.