When I try to import an ACF2 created digital certificate to a LINUX box, it is Rejected with message 'Password Is Invalid'

Document ID : KB000025554
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

A digital certificate built by CA ACF2 was exported to a LINUX box, but the import is rejected with a message that the password is invalid or the PKCS12 password has been corrupted or been created with an unsupported version of PKCS12. The certificate requires a private key. Why is it rejected?

Answer:

Ensure that FORMAT=PKCS12DER is specified when you EXPORT the package from CA ACF2. If the FORMAT is PKCS12B64, that isn't going to work. PKCS12B64 will only work when exported to a RACF, Top Secret or CA ACF2 mainframe system.

In order to import on any other platform, such as LINUX or Windows, you have to use FORMAT=PKCS12DER and then FTP the file in BINARY format.