Mark Pace wrote:
Trying to follow the directions in the RACF manual to renew a self-signed
certificate that expired.
A display for ID TN3270
Label:TnServerCert
Certificate ID:2Qbj1fPy9/DjleKFmaWFmcOFmaNA
Status:TRUST
Start Date:2008/05/30 00:00:00
End Date: 2009/05/30 23:59:59
Serial Number:00
Issuer's Name:CN=zos19.OU=IT.O=Mainline.C=US
Subject's Name:CN=zos19.OU=IT.O=Mainline.C=US
Private Key Type:Non-ICSF
Private Key Size:1024
Ring Associations:
Ring Owner:TN3270
Ring:TNRING
So I see it exists and it's expired.
Next create a certificate request based on the old certificate.
*racdcert id(TN3270) genreq(label('TnServerCert')) dsn('ibmuser.cert.req')*
This executes and creates the IBMUSER.CERT.REQ file.
Then renew and replace the certificate.
*racdcert id(TN3270) gencert('ibmuser.cert.req')
signwith(label('TnServerCert'))*
*IRRD107I No matching certificate was found for this user.*
I can't figure out why it says this certificate is not found, when I clearly
displayed it earlier.
I think you need "signwith(id(TN3270) label('TnServerCert'))",
however, I have never tried signing a cert with itself, so I
don't know if this works.
Do others have a copy of this cert on their TN3270 clients,
or do they just accept a self-signed cert?
If they just accept the self-signed cert, just create a new
one.
Alternatively, you could create a signing cert with a long
End Date and use that to sign your cert. If the clients have
a copy of your cert, just give them a copy of your signing
cert to use as the CA for your TN3270 cert.
--
Richard
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
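
Added example, not part of the original thread: the alternative suggested in the reply (a long-lived signing certificate used to sign the TN3270 certificate), written out as RACDCERT commands. The CA label 'LocalCA', its subject name, both NOTAFTER dates, the key size and the export data set name are assumptions made for illustration; the user ID, ring, server label and request data set come from the post.

```tso
/* 1. Create a local signing (CA) certificate with a long end date.   */
/*    Label, subject name, size and date are assumed sample values.   */
RACDCERT CERTAUTH GENCERT -
  SUBJECTSDN(CN('Local TN3270 CA') OU('IT') O('Mainline') C('US')) -
  WITHLABEL('LocalCA') -
  SIZE(2048) -
  NOTAFTER(DATE(2029-05-30)) -
  KEYUSAGE(CERTSIGN)

/* 2. Build the request from the expired certificate (as in the post). */
RACDCERT ID(TN3270) GENREQ(LABEL('TnServerCert')) -
  DSN('IBMUSER.CERT.REQ')

/* 3. Sign the request with the CA instead of with the certificate     */
/*    itself. CERTAUTH inside SIGNWITH names the owner of the signer.  */
RACDCERT ID(TN3270) GENCERT('IBMUSER.CERT.REQ') -
  SIGNWITH(CERTAUTH LABEL('LocalCA')) -
  NOTAFTER(DATE(2011-05-30))

/* 4. Put the CA certificate on the server's key ring so the full      */
/*    chain is available to the TN3270 server.                         */
RACDCERT ID(TN3270) CONNECT(CERTAUTH LABEL('LocalCA') -
  RING(TNRING) USAGE(CERTAUTH))

/* 5. Export only the CA certificate (no private key) for the clients  */
/*    to install as a trusted CA. Data set name is an assumed sample.  */
RACDCERT CERTAUTH EXPORT(LABEL('LocalCA')) -
  DSN('IBMUSER.LOCALCA.CRT') FORMAT(CERTB64)

/* 6. Refresh the in-storage profiles if DIGTCERT is RACLISTed, then   */
/*    confirm the new dates, issuer and ring association.              */
SETROPTS RACLIST(DIGTCERT) REFRESH
RACDCERT ID(TN3270) LIST(LABEL('TnServerCert'))
```

After step 6 the listing should show the CA's name as the issuer and a new end date, and later renewals of the server certificate do not require redistributing anything to clients as long as the CA certificate remains valid.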