TSS0940I Duplicate Certificate Detected. But It Isn't.

Document ID : KB000047103
Last Modified Date : 14/02/2018
Show Technical Document Details

 

Symptoms: 

 

-The CA Top Secret command CHKCERT executed against the DSN containing the digital certificate shows that it is unknown. 

-Nevertheless, when we try to add that digital certificate to CA Top Secret, we receive the following message: TSS0940I DUPLICATE CERTIFICATE DETECTED along with its serial number.

-Going further the SAFCRRPT report also shows that this digital certificate is unknown. 

-This is occurring when we ADD and REMOVE the same digital certificate many times.

 

Environment: 

 

 

-z/OS 2.1; CA Top Secret r15.0
 

 

Resolution:

 

-Depending on the amount of ADD/REMOVE rate, it might happen that the CA Top Secret in core tables are out of synchronization. 
 
-Issue the TSS MODI SYNCH to rebuild the in core tables then the digital certificate can be added back to CA Top Secret.
 

 

Additional Information: 

 

-For CA Top Secret r15.0, refer to CA Top Secret for z/OS Control Options Guide; Chapter #2 Specific Control Options --> SYNCH

 

-For CA Top Secret r16.0, go to docops.ca.com site. Sign-in, select Using --> Specifying Control Options to Modify Your Security Environment --> SYNCH