My somewhat limited experience on this subject is that you cannot new an expired certificate. Now that it's expired you must request a new certificate.
Thanks, Ray Baraniecki Morgan Stanley GWMG 18th Floor 1 New York Plaza New York, NY 10004 Office - 212-276-5641 Cell - 917-597-5692 [email protected] BE CARBON CONSCIOUS. PLEASE CONSIDER OUR ENVIRONMENT BEFORE PRINTING THIS E-MAIL. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mark Pace Sent: Tuesday, June 02, 2009 2:28 PM To: [email protected] Subject: Re: SSL certificate renewal I don't see how you would go about changing the end date. I would assume that is the purpose of renewing the certificate. On Tue, Jun 2, 2009 at 2:12 PM, Michael Saraco < [email protected]> wrote: > I have never tried it with an expired cert but have you tried to change > the end date in the expired cert yet to see if that fixes your problem. > When creating certs I always change the expire date to something way out > there so I do not have problems. > > > Michael Saraco > Systems Consultant > 303-838-3374 x115 > Cell 507-525-0530 > > > > From: > Mark Pace <[email protected]> > To: > [email protected] > Date: > 06/02/2009 01:05 PM > Subject: > Re: SSL certificate renewal > Sent by: > IBM Mainframe Discussion List <[email protected]> > > > > Yes - all my users receive the certificate, and that is why I had hoped to > renew it with the same key, so I would not have to send out a new cert to > all the users. It's looking more like I will have to generate a new > certificate and send it out. > > On Tue, Jun 2, 2009 at 1:56 PM, Richard Peurifoy > <[email protected]>wrote: > > > Mark Pace wrote: > > > >> Trying to follow the directions in the RACF manual to renew a > self-signed > >> certificate that expired. > >> > >> A display for ID TN3270 > >> > >> Label:TnServerCert > >> Certificate ID:2Qbj1fPy9/DjleKFmaWFmcOFmaNA > >> Status:TRUST > >> Start Date:2008/05/30 00:00:00 > >> End Date: 2009/05/30 23:59:59 > >> Serial Number:00 > >> Issuer's Name:CN=zos19.OU=IT.O=Mainline.C=US > >> Subject's Name:CN=zos19.OU=IT.O=Mainline.C=US > >> Private Key Type:Non-ICSF > >> Private Key Size:1024 > >> Ring Associations: > >> Ring Owner:TN3270 > >> Ring:TNRING > >> > >> So I see it exists and it's expired. > >> Next create a certificate request based on the old certificate. > >> *racdcert id(TN3270) genreq(label('TnServerCert')) > >> dsn('ibmuser.cert.req')* > >> This executes and creates the IBMUSER.CERT.REQ file. > >> > >> Then renew and replace the certficate. > >> *racdcert id(TN3270) gencert('ibmuser.cert.req') > >> signwith(label('TnServerCert')) > >> * > >> *IRRD107I No matching certificate was found for this user.* > >> > >> I can't figure out why it says this certificate is not found, when I > >> clearly > >> displayed it earlier. > >> > >> > > I think you need "signwith(id(TN3270) label('TnServerCert'))", > > however, I have never tried signing a cert with itself, so I > > don't know if this works. > > > > Do others have a copy of this cert on their TN3270 clients, > > or do they just accept a self-signed cert? > > > > If they just accept the self-signed cert, just create a new > > one. > > > > Alternatively, you could create a signing cert with a long > > End Date and use that to sign your cert. If the clients have > > a copy of your cert, just give them a copy of your signig > > cert to use as the CA for your TN3270 cert. > > > > -- > > Richard > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: GET IBM-MAIN INFO > > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > > > > -- > Mark Pace > Mainline Information Systems > 1700 Summit Lake Drive > Tallahassee, FL. 32317 > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -------------------------------------------------------------------------- Important Notice to Recipients: It is important that you do not use e-mail to request, authorize or effect the purchase or sale of any security or commodity, to send fund transfer instructions, or to effect any other transactions. Any such request, orders, or instructions that you send will not be accepted and will not be processed by Morgan Stanley Smith Barney. The Global Wealth Management Group of Morgan Stanley & Co. Incorporated and the Smith Barney division of Citigroup Global Markets Inc. have combined into Morgan Stanley Smith Barney LLC, a new investment adviser and broker-dealer registered with the Securities and Exchange Commission. The sender of this email is an employee of Morgan Stanley Smith Barney. Important disclosures on Morgan Stanley and Citi Investment Research & Analysis research reports may relate in part to the separate businesses of Citigroup Global Markets Inc. and Morgan Stanley that now form Morgan Stanley Smith Barney LLC. To view these important research disclosures, go to http://www.morganstanley.com/researchdisclosures and https://www.citigroupgeo.com/geopublic/Disclosures/index_a.html. If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
