Gilson Cesar de Oliveira
2018-05-03 11:19:14 UTC
Dear list:
I'd like to hear from this group which way we have to follow in order to add to RACF the root chain from external partners that have encrypted connections but use self-signed certificates.
I will describe the three ways we have imported the root chain:
1- Add the certificate with "Certificate Owner" = CERTAUTH and the CONNECT with the option USAGE=CERTAUTH.
    RACDCERT CERTAUTH ADD('DSN.ROOT') +
      WITHLABEL('External Root') TRUST
    RACDCERT CONNECT(CERTAUTH LABEL('External Root') +
      RING(RingName) USAGE(CERTAUTH)) ID(userid)
2- Add the certificate with "Certificate Owner" = userid and the CONNECT with the option USAGE=PERSONAL.
    RACDCERT ID(userid) +
      ADD('DSN.ROOT') +
      WITHLABEL('External Root') +
      TRUST
    RACDCERT ID(userid) CONNECT(LABEL('External Root') +
      RING(RingName) USAGE(PERSONAL))
3- Add the certificate with "Certificate Owner" = userid and the CONNECT with the option USAGE=CERTAUTH.
    RACDCERT ID(userid) +
      ADD('DSN.ROOT') +
      WITHLABEL('External Root') +
      TRUST
    RACDCERT ID(userid) CONNECT(LABEL('External Root') +
      RING(RingName) USAGE(CERTAUTH))
All the options we have tested worked fine, but I'd like to know if there is a standard way to add/import the certificate.
If the certificate is from an external CA like Symantec, Digicert, Certisign, etc., is the process the same, or do we have to follow another way to import the root chain certificate?
Thanks in advance for any help.
Regards,
Gilson Cesar
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN