IBM Power Connect, learn, share, and engage with IBMPower. Join / Log in
I am not sufficiently au fait with Certs to know if this will help or not but ...
I was able to deal with a number of cert store issues by using this new tooling from Jesse Gorzinski https://github.com/ThePrez/DCM-tools#dcmimport - he is expanding its capabilities all the time.
Message CPF9872 description says
2--A pointer was used, either directly or as a basing pointer, that has not been set to an address
I agree with the suggestion provided by Satid since prior to that fix, it was occasionally seen that certificates were being imported incorrectly as CA certificates.
The major difference between a Server certificate and CA certificate from DCM's point of view is a server certificate has an associated private key with that certificate stored in the certificate store; a CA certificate does not have a private key in the certificate store. It was seen that various platforms organize the contents of a PKCS12 files differently and the QykmImportKeyStore API needed to be updated which now does a much better job of associating private keys that reside in a PKCS12 file with the correct certificate during import so the certificate will be correctly imported as a server certificate instead of a CA.