Why does a CHKCERT fail with message "ACF68076 Unsupported KEY algorithm. Cannot CHKCERT the certificate" ?

Document ID : KB000014470
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Why does a CHKCERT fail with message "ACF68076 Unsupported KEY algorithm. Cannot CHKCERT the certificate" ?

Answer:

The ACF68076 Unsupported KEY algorithm. Cannot CHKCERT the certificate" error is an indication that the certificate file on z/OS is not in the correct format for a certificate. This is most likely caused by FTPing the certificate to z/OS in the wrong format.  Depending on how the certificate package was created, it could be in binary format or ASCII format. You may want to trying re-FTPing the certificate in the other format ASCII/BINARY and then re-try the CHKCERT command. 

ACF2 supports the INSERT of certificates in the following format: 

- certificate encoded using the X.509 Distinguished Encoding Rules (DER).
- certificate encoded using the standard X.509 base-64 encoding
- certificate DER-encoded PKCS#12 certificate package
- certificate DER-encoded then base-64 encoded PKCS #12 certificate package
- certificate DER encoded PKCS 7 certificate package
- certificate base-64 encoded PKCS 7 certificate package