z/OS Security Server RACF Messages and Codes
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


IRRD153I

z/OS Security Server RACF Messages and Codes
SA23-2291-00

IRRD153I
Inconsistency detected for one or more Certificate Authority certificates. Processing continues for the end-entity certificate

Explanation

You are attempting to add either a PKCS #7 or PKCS #12 certificate package to RACF®. The package contains an end-entity certificate and one or more Certificate Authority (CERTAUTH) certificates. While adding the CERTAUTH certificates, an inconsistency was detected for one or more of these certificates. The inconsistency is one of the following tasks:
  1. The certificate is expired.
  2. The certificate has an incorrect date range relative to the issuing CA certificate. (The validity period is not completely contained within the validity period of the issuing CA certificate.)
  3. The issuer of the certificate is missing from the certificate package and is not already installed under CERTAUTH.
  4. The certificate has an unknown signature algorithm.

System action

The CERTAUTH certificates are added. In most cases, the trust status set for these certificates is NOTRUST. See z/OS Security Server RACF Command Language Reference information about how the trust status was determined. Processing continues for the end-entity certificate.

User response

If the CERTAUTH certificates are required, check the certificates that were added under CERTAUTH to determine which ones have the inconsistency. Contact your certificate supplier to determine if replacement certificates are available. If so, adding them replaces the inconsistent ones. Otherwise, if you want to use the certificates as is, you should change their status to TRUST. To change the trust status, you should use the RACDCERT ALTER command.

Parent topic: RACDCERT command messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014