ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

When can I remove expired keyring certificates? Will it cause failures or just keep working? Will jobs fail if I remove them from the keyring after they expire if they are still usable?

book

Article ID: 14842

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

There are keyrings that have expired certificates on them.



When can I remove expired keyring certificates?   Will it cause failures or just keep working? Will jobs fail if I remove them from the keyring after they expire if they are still usable?

Environment

Release:
Component: ACF2MS

Resolution

Expired certificates will not cause a problem if left on the keyring.  Digital certificates can be used to encrypt data or tapes.  So if you remove the certificate that was used too soon after it has expired, you will get a job failure.  So you need to determine if your shop has used digital certificates in that way before removing them.  If you have, when will the data be de-encrypted next?  After that time, the new cert will be used to encrypt the data and the old cert can be removed.