When encountering problems setting up digital certificates and keyrings. What documentation is usually required to diagnose the problem?
Typically when a site contacts CA-ACF2 support regarding problems related to digital certificates there is specific documentation that is requested to diagnose the problem.
The following list describes the documentation that is typically requested when diagnosing problems related to digital certificates and keyrings.
- The Server log showing the error messages related to the KEYRING/certificates.
- A LIST of the KEYRING that is being used, for example:
SET PROFILE(USER) DIVISION(KEYRING)
- A CHKCERT DUMP of each certificate in the KEYRING, for example:
CHKCERT userid.cert DUMP
- The application's parameter list specification that points to the KEYRING.
- Any violations in the ACFRPTRV report for the resource class FACILITY that are related to the failing application.
- ACF2 OMVS SECTRACE, this must be set prior to the start of the application STC. The ACF2 UNIX System Service (OMVS) SECTRACE output default destination is the system console.
To set OMVS SECTRACE from the console:
To delete/disable the OMVS SECTRACE after re-creating the problem from the console: