What is the cause of ACF67030 INVALID OPERAND - SUBJECTSDN on a GENCERT?

Document ID : KB000011106
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

I am converting RACF commands to ACF2 commands and I am getting error message ACF67030 INVALID OPERAND - SUBJECTSDN on a GENCERT. I entered the GENCERT as follows:

ACF 
GENCERT CERTAUTH.WEBCERT SUBJECTSDN(CN='SSRE CertAuth for Security Domain' OU='SSRE.WebSphere FOR zOS') 
LABEL(WebSphereCA-SSRE) TRUST EXPIRE(2015/12/31)
Answer:

The keyword SUBJECTSDN is accepted by RACF, but not by ACF2. The correct keyword for ACF2 is SUBJSDN.

ACF
GENCERT CERTAUTH.WEBCERT SUBJSDN(CN='SSRE CertAuth for Security Domain' OU='SSRE.WebSphere FOR zOS')
LABEL(WebSphereCA-SSRE) TRUST EXPIRE(2015/12/31)