RACF® is verifying the digital signature or message authentication code (MAC) on the certificate or certificate request supplied with the ADD, IMPORT, GENCERT, or CHECKCERT keyword. The signature did not verify. The certificate or certificate request might be altered since it was originally created. If you are adding, importing, or checking on a self-signed certificate, or generating a new certificate using a certificate request, the certificate or certificate request was altered and cannot be used. If you are adding or importing a non-self-signed certificate, either the certificate was altered, or the CERTAUTH certificate that RACF is using to verify the signature is not the correct CERTAUTH certificate. This means that the CERTAUTH certificate has a Subject Distinguished Name that matches the Issuers Distinguished Name in the input certificate but the key within the CERTAUTH certificate is not the one that was used to sign the input certificate. This can only happen if the given certificate authority is operating with multiple keys, which are typically a setup error. For example, it is possible that the RACDCERT GENCERT command was issued more than once specifying the same SUBJECTSDN.