Self signed certificate renewal fails with IRRD107I No matching certificate

Technote (troubleshooting)


Problem(Abstract)

Renewal of a self signed certificate, which has expired, fails with IRRD107I No Matching Certificate Found For This User.

Cause

Either the user ID being used to renew the certificate does not have sufficient authority to complete the renewal or the signing certificate does not belong to the user ID executing the renewal.

Resolving the problem

RACF Messages and Codes provides recommended user responses to correct this error. The RACF Command Language Reference documents that you must either have the SPECIAL attribute, or sufficient authority to the IRR.DIGTCERT.ADD and IRR.DIGTCERT.GENCERT resources in the FACILITY class, based on the certificate owner and the SIGNWITH value, as shown in Table 23 at the above link. For the SIGNWITH parameter itself (within the GENCERT command) the signing certificate must belong to the user ID executing the command (or SITE or CERTAUTH must be specified). If the SITE and CERTAUTH keywords are omitted, the signing certificate owner defaults to the user ID of the command issuer.

Historical Number

87522
L6Q
000

Product Alias/Synonym

WMQ MQ

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere MQ
Security

Software version:

7.0.1, 7.1

Operating system(s):

OS/390, z/OS

Reference #:

1635624

Modified date:

2013-04-26

Translate my page

Machine Translation

Content navigation