Hi folks Has anyone managed to successfully import into RACF a self-signed server certificate generated by Sterling Commerce's Windows-based "Certificate Wizard"?
I've been sent one by one of our customers; they use it on their Windows-based C:D server, apparently quite successfully on their other C:D sessions from that server. However I can't import the certificate into RACF as a Certificate Signing Authority (CERTAUTH) as it issues message: IRRD126I The certificate contains either a key usage or basic constraint extension indicating that it may not be used as a Certificate Authority certificate. The certificate is not added. This seems fairly reasonable since the attributes of the certificate only specify HANDSHAKE and DATAENCRYPT (not CERTAUTH), however, this is the standard for a self-signed server certificate coming out of the Certificate Wizard - in fact you can neither add nor remove attributes in this case. I've tried importing it as a personal certificate for our C:D server, and it accepts that. I've tried putting it in the keyring as USAGE(PERSONAL), and USAGE(CERTAUTH) but either way C:D fails to negotiate the session, instead issuing message: CSPA202E SSL handshake failure, reason=GSK_ERR_SELF_SIGNED I've had a call open for some time now with Sterling's support and although they're being very attentive and helpful, we're not managing to fix this, and the suggestion now is that we need to find out why RACF is not accepting the certificate, since Windows seems quite happy to do so. Hopefully someone out there has done this (Windows C:D <-> z/OS C:D) successfully and can tell me where I'm going wrong? Cheers Brian ----------------------------------------- Email sent from www.virginmedia.com/email Virus-checked using McAfee(R) Software and scanned for spam ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
