Why does a CHKCERT fail with the message "ACF68076 Unsupported KEY algorithm. Cannot CHKCERT the certificate"?
The first thing to check is whether the ACF2 PTF is applied. If the PTF is applied, verify the following.
The "ACF68076 Unsupported KEY algorithm. Cannot CHKCERT the certificate" error indicates that the certificate file on z/OS is not in a valid certificate format. This is most likely caused by FTPing the certificate to z/OS in the wrong transfer mode. Depending on how the certificate package was created, it could be in binary format or ASCII format. Try re-FTPing the certificate in the other mode (ASCII or BINARY) and then retry the CHKCERT command.
ACF2 supports the INSERT of certificates in the following formats:
- Certificate encoded using the X.509 Distinguished Encoding Rules (DER)
- Certificate encoded using the standard X.509 base-64 encoding
- DER-encoded PKCS #12 certificate package
- DER-encoded, then base-64 encoded, PKCS #12 certificate package
- DER-encoded PKCS #7 certificate package
- Base-64 encoded PKCS #7 certificate package
To correct the error:
To avoid FTP truncation, use the following FTP commands:
QUOTE SITE WRAP LRECL=84 BLKSIZE=27998 RECFM=VB
PUT cert_file_name 'z/OS dataset name' (REPLACE
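The following is an added example, not CA or ACF2 code: a workstation-side check that tells whether a certificate file is binary DER or base-64 text before it is sent, so the matching FTP mode can be chosen. It assumes definite-length DER (the formats listed above), that base-64 text goes in ASCII mode and DER in BINARY mode, and the function names and sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

# Matches a PEM-style block and captures the base-64 body between the markers.
PEM_RE = re.compile(rb"-----BEGIN [A-Z0-9 #]+-----(.*?)-----END [A-Z0-9 #]+-----", re.S)

def der_length_ok(data: bytes) -> bool:
    """True if data is one DER SEQUENCE whose declared length equals its size."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                          # short-form length octet
        header, body = 2, first
    else:
        n = first & 0x7F                      # long form: n length octets follow
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + body == len(data)         # mismatch = truncated or altered

def ftp_mode_for(data: bytes) -> str:
    """Return 'BINARY' (DER), 'ASCII' (base-64 text) or 'DAMAGED'."""
    if der_length_ok(data):
        return "BINARY"
    match = PEM_RE.search(data)
    text = match.group(1) if match else data  # base-64 may lack BEGIN/END lines
    try:
        decoded = base64.b64decode(b"".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return "DAMAGED"
    return "ASCII" if der_length_ok(decoded) else "DAMAGED"

# Constructed sample: a SEQUENCE header declaring 256 bytes of content.
# It has the outer shape of a DER file but is not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("pem", SAMPLE_PEM),
                       ("truncated der", SAMPLE_DER[:-10])]:
        print(f"{name}: {ftp_mode_for(blob)}")
```

A 'DAMAGED' result on the workstation copy means the file was already truncated or altered before the transfer, so changing the FTP mode alone will not clear the CHKCERT error.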