IKYP028E PKI SERVICES DISTINGUISHED NAME OR KEY CHANGE ERROR

Explanation
PKI Services is starting.
Initialization processing has retrieved the PKI Services signing
certificate from the key ring assigned to PKI Services. The certificate
is incompatible with certificate processing that has previously transpired.
The subject's distinguished name or the public key or both differ
from the previous values used. The subject's distinguished name cannot
be changed without reconfiguring PKI Services. The public
key can be changed, but only if the key rollover process is performed.

System action
PKI Services stops.

System programmer response
Determine if PKI Services is processing
the correct certificate. If your security product is RACF®, your certificate is contained in a RACF profile that is established
when you first configured PKI Services. That certificate
must be connected as the default certificate to the key ring identified
by the KeyRing keyword in the PKI Services configuration
file. (The default location for this file is /etc/pkiserv/pkiserv.conf.) Use the RACF RACDCERT LIST
and LISTRING commands to determine if the correct certificate is connected
to the key ring. If you are attempting to rekey the PKI Services CA, you
must follow the rollover process that is detailed in RACF administration for PKI Services. Make any required changes. Then, restart PKI Services. For more
information, see z/OS Security Server RACF Security Administrator's Guide.

Routing code
2

Descriptor code
6