Inserted Digital Certificate Does Not Have a Private Key Following Insert to ACF2 Database

Article ID: 52890

Updated On:

Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC, CA PanApt, CA PanAudit

Issue/Introduction

Description

I received a certificate from another source and it is supposed to be the personal cert for one of our address spaces. I INSERTed the certificate from a dataset, but when I issue a CHKCERT for it, the private key specifies NONE. What happened to the private key?

Solution

If the certificate in the dataset was in PKCS12 format with a private key, you would have had to enter a password on the INSERT command; otherwise you would have gotten the error message ACF00184 PASSWORD IS INCORRECT.

Issue a CHKCERT against the dataset to see whether the private key is there. If the certificate in the dataset is in PKCS12 format and you do not enter a password on the CHKCERT, you will get the error message ACF68033 The password is incorrect for the CERTIFICATE. If you do not get that message and the CHKCERT output indicates there is no private key, then the key was either not sent by the originator or was lost during interim processing. You will have to go back to the originator for another copy of the certificate in PKCS12 format with both its public and private keys.

For the certificate to be sent to you with the private key, it would have to be in PKCS12 format and would require a password to EXPORT it and, subsequently, to CHKCERT it or INSERT from it.

If the received certificate is meant to replace one currently on your ACF2 database with the same record id, perhaps with updated validity dates, then it is likely that it does not have a private key. In this case it is assumed that the private key from the original certificate remained on the database. If the original certificate was deleted, then its private key was deleted as well. If you have not saved the original certificate with its private key (in PKCS12 format) in another dataset, you will have to start over and create a new certificate, and get it signed.
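The same distinction (file cannot be opened without the right password versus file opens but carries no private key) can be checked on a workstation copy of the file before it is uploaded to the dataset. This is an added example, not part of the original article or of ACF2; it assumes OpenSSL is installed, and the function names, file names and password are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a certificate file the way the article's
# CHKCERT checks do, using OpenSSL on a workstation copy.

# p12_key_status FILE PASSWORD
# Prints one of:
#   KEY         PKCS12 opened with the password and holds a private key
#   NONE        PKCS12 opened with the password but holds no private key
#   UNREADABLE  wrong password, or the file is not PKCS12 at all
p12_key_status() {
    # Password is passed through the environment, not the argument list,
    # so it does not show up in the process table.
    out=$(P12_PASS=$2 openssl pkcs12 -in "$1" -nocerts -nodes \
            -passin env:P12_PASS 2>/dev/null) || {
        echo UNREADABLE
        return 0
    }
    case $out in
        *"PRIVATE KEY-----"*) echo KEY ;;
        *)                    echo NONE ;;
    esac
}

# make_samples: build constructed test files in a temp directory and
# print its path. Creates:
#   cert.pem       bare X.509 certificate (cannot carry a private key)
#   with_key.p12   PKCS12 with certificate and private key
#   cert_only.p12  PKCS12 exported without the private key
make_samples() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$dir/cert.pem" -inkey "$dir/key.pem" \
        -out "$dir/with_key.p12" -passout pass:sample-pw || return 1
    openssl pkcs12 -export -nokeys -in "$dir/cert.pem" \
        -out "$dir/cert_only.p12" -passout pass:sample-pw || return 1
    echo "$dir"
}
```

A result of `NONE` on the file as received means the private key was already missing before the INSERT, so the originator has to send a new PKCS12 export.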

Environment

Release:
Component: ACF2MS