IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

USAGE parameter of RACDCERT CONNECT command
IBM Mainframe Forums -> All Other Mainframe Topics
Post new topic   Reply to topic Quick References
View previous topic :: View next topic  
Author Message
Deepak_Raj

New User


Joined: 02 Nov 2025
Posts: 3
Location: India
PostPosted: Fri Nov 07, 2025 11:37 pm
 Reply with quote
I was adding a vendor Receive order Client/User certificate to RACF followed by a connect SMPE keyring, with below set of commands :
Code:

RACDCERT ADD('vendor.CLIENT') SITE +                                       
  PASSWORD('**********') WITHLABEL('vendor SMPE Client Certificate') TRUST 

RACDCERT  CONNECT(SITE +                                                   
  LABEL('vendor SMPE Client Certificate') RING(smpering) +                 
  USAGE(SITE)) ID(SMPE) 
                                                   
SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH                               


The CA certificate was already present for its certificate authority.
After adding certificate, when I ran the RECEIVE Order job I received below error :
Code:

GIM69148S ** KEY RING SMPE/smpering ASSOCIATED WITH USERID SMPE WAS NOT FOUND.


I checked using LISTRING command and I see that USER ID 'SMPE' is present along with the 'smpering' keyring .
To fix this issue, I tried few random variations and when I used:
Code:
 USAGE(CERTAUTH)
in RACDCERT CONNET, it worked!!!
The receive order job was able to reach the servers!

I did read through IBM documentations. As per my understanding we should use USAGE as SITE for client/user certificates and CERTAUTH for CA certificates. However, It did not work in my case and I had to use USAGE(CERTAUTH) for a client/user certificate.

Can anyone able to figure out how exactly USAGE parameter work in RACDCERT CONNECT command ?
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1750
Location: Tirupur, India
PostPosted: Tue Nov 11, 2025 7:25 pm
 Reply with quote
Since you get this,
Code:
GIM69148S ** KEY RING SMPE/smpering ASSOCIATED WITH USERID SMPE WAS NOT FOUND.

You can use the below command to list the keyring:
Code:
RACDCERT ID(SMPE) LISTRING(smpering)

It should list the added certificate label and other details, if it is properly added.

Code:
RACDCERT ADD('vendor.CLIENT') SITE +                                       
  PASSWORD('**********') WITHLABEL('vendor SMPE Client Certificate') TRUST

In this command you can have SITE or CERTAUTH or ID. I usually use ID, in this case it would be ID(SMPE) instead of the SITE keyword. That way the owner of certificate would be SMPE.
Back to top
View user's profile Send private message
Deepak_Raj

New User


Joined: 02 Nov 2025
Posts: 3
Location: India
PostPosted: Thu Nov 20, 2025 5:07 pm
 Reply with quote
Hey Vasanth,

Thanks for the reply.

I have checked the "smpering" keyring and certificates are available.
The question that I have here is on the behavior of USAGE keyword in the CONNECT command.
USAGE(SITE) for client/user certificate does not make my RECEIVE ORDER job to run but USAGE(CERTAUTH) makes it run. I could not find any technical answers for this in the documentation.

Do you happen to know anything on USAGE usage ?
Back to top
View user's profile Send private message
View previous topic : : View next topic  
Post new topic   Reply to topic All times are GMT + 6 Hours
Forum Index -> All Other Mainframe Topics

 

Similar Topics
Topic Forum Replies
No new posts creat new line command in front of Me... TSO/ISPF 4
No new posts c all command JCL & VSAM 11
No new posts REXX/CMS How to place command console... CLIST & REXX 4
No new posts Help needed in automation cics transa... CLIST & REXX 1
No new posts How to Login in to cics region and is... CICS 9
Search our Forums:


Back to Top
IBMMainframes.com is not an official and/or affiliated with IBM® in anyway
Board Rules | FAQ | Downloads | Wiki | SiteMap | Contact Us