"CAS2525E Not Authorized To Run The Utility" With SAFCRRPT Utility

Document ID : KB000025330
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

The SAFCRRPT Certificate Utility is used to display the certificate hierarchy in your database. Optionally, it will display each certificate, its signing certificate, the certificates that it has signed, and all of the information provided with the CHKCERT and LIST commands.

When running the SAFCRRPT certificate utility to display the certificate hierarchy in our CA Top Secret Security File, we received message:

CAS2525E Not authorized to run the utility

The signed on acid has READ access to IBMFAC(IRR.DIGTCERT.LIST) and IBMFAC(IRR.DIGTCERT.LISTRING).

However, the CA Top Secret violation report indicates UPDATE is needed for IBMFAC(IRR.DIGTCERT.LIST).

Answer: 

If the certificates are not obtained from a KEYRING, then UPDATE access to:

IBMFAC(IRR.DIGTCERT.LIST)

is required to run the report.

Additional Information:

Please refer to the CA Top Secret Report and Tracking Guide for more details about the SAFCRRPT utility.