During my first IPL after upgrading to z/OS 2.2, why do I receive message "ACF8A341 Certificate CERTAUTH.AUTOnnn Label STG CODE SIGNING CA - G2 inserted"?

Document ID : KB000032406
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

During the first IPL after upgrading to z/OS 2.2, why do I receive message
"ACF8A341 Certificate CERTAUTH.AUTOnnn Label STG CODE SIGNING CA - G2 inserted"?.

 

Answer:

In this case the certificate that was added is a part of the z/OS 2.2 support for the
R_PgmSignVer callable service used for Program Signing and Verification.
CA ACF2 supports program signing and the verification of programs.
You may dictate that certain programs must have valid digital signatures prior to their
loading in the system. This support includes the IBM root CA certificate labeled 'STG Code Signing CA'
that was included with z/OS 1.11 support and now the new CA certificate labeled 'STG CODE SIGNING CA - G2'
required for z/OS 2.2 support.

Note that if you delete this certificate from the CA ACF2 database, it will automatically
be re-inserted at the next system restart.

In addition, if the original certificate with label "STG Code Signing CA" is included in any
keyrings, this new certificate with label "STG CODE SIGNING CA - G2" will also be added to each keyring.
If the original certificate has been modified to inlcude the TRUST attribute, the new certificate will also
be modified to include the TRUST attribute.

 

Additional Information:

Details on Program Signing and Verification can be found in the CA ACF2 for z/OS Administrator Guide,
in Chapter 27: Digital Certificate Support, section "Program Signing and Verification".

This functionality was introduced by PTF RO84731