When trying to INSERT a certificate I am getting the 'ACF00178 INVALID CERTIFICATE DATA - FORMAT' message. Why?

Document ID : KB000048330
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The ACF2 ACF INSERT command can be used to INSERT X.509 certificate, a PKCS #7 chain of certificates, or a PKCS #12 chain of certificates with a private key.

Solution:

The error that you are receiving is due to the certificate being a PKCS #10 request which is a certificate request(CSR Certificate Signing Request). A PKCS #10 request cannot be INSERTed and is not supported by a CHKCERT command because it is a certificate request not a certificate.

Once the certificate request is signed by a CA the certificate can be INSERTed into the ACF2 database, or it can be verified by the ACF2 CHKCERT command.

An ACF2 CHKCERT against a CSR will result in the ACF68069 message:

ACF68069 The input data set contains a PKCS #10 request An ACF2 INSERT of a CSR will result in the ACF00178 message:

ACF00178 INVALID CERTIFICATE DATA - LENGTH

Note, the ACF2 GENREQ command is used to create a CSR. The CSR can be sent to an external or local CA to have the CSR signed, and the signed certificatecan then be INSERTed into the ACF2 database.