CMMVC6225W The system certificate must be manually exported using the chsystemcert-export command and installed as a signer certificate in IBM Security Verify, using the id_alias from the lssystem command as the friendly name.
Explanation
When Multi-factor Authentication was previously configured, the system certificate was exported and installed in IBM Security Verify as a signer certificate. As part of the svcconfig restore procedure, a new system has been created and therefore a new system certificate has been generated. This means the old system certificate in use by IBM Security Verify is no longer valid. Until this is resolved, users will not be able to authenticate using secondary authentication factors when logging into the GUI.User response
Once the restore procedure completes successfully, manually export the new system certificate using the chsystemcert -export command. Then install this as a signer certificate in IBM Security Verify. Run the lssystem command to find the system id_alias, then use this as the value for the friendly name in IBM Security Verify.