search cancel

Receiving "ACF8A341 Certificate CERTAUTH.AUTOnnn Label STG CODE SIGNING CA - G2 inserted"

book

Article ID: 32406

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 - z/OS ACF2 - MISC

Issue/Introduction

After deleting some unused CERTAUTH certificates and IPLing receiving the following message:
"ACF8A341 Certificate CERTAUTH.AUTOnnn Label STG CODE SIGNING CA - G2 inserted"

During the first IPL after upgrading to z/OS 2.2 getting the message: 
"ACF8A341 Certificate CERTAUTH.AUTOnnn Label STG CODE SIGNING CA - G2 inserted"

 

Environment

Release: 16.0

Resolution

In this case the certificate that was added is a part of the z/OS 2.2 support for the R_PgmSignVer callable service used for Program Signing and Verification.
CA ACF2 supports program signing and the verification of programs. Sites may dictate that certain programs must have valid digital signatures prior to their
loading in the system. This support includes the IBM root CA certificate labeled 'STG Code Signing CA' that was included with z/OS 1.11 support and now the new CA certificate labeled 'STG CODE SIGNING CA - G2' required for z/OS 2.2 support.

Note that if these certificates are deleted from the ACF2 database, they will automatically be re-inserted at the next system restart.

In addition, if the original certificate with label "STG Code Signing CA" is included in any keyrings, this new certificate with label "STG CODE SIGNING CA - G2" will also be added to each keyring. If the original certificate has been modified to include the TRUST attribute, the new certificate will also be modified to include the TRUST attribute.

 

 

Additional Information

Details on Program Signing and Verification can be found in section "Program Signing and Verification" in the ACF2 documentation.