> -----Original Message-----
> From: IBM Mainframe Discussion List On Behalf Of Mark Pace
>
> Trying to follow the directions in the RACF manual to renew a
self-signed
> certificate that expired.
>
> A display for ID TN3270
>
> Label:TnServerCert
> Certificate ID:2Qbj1fPy9/DjleKFmaWFmcOFmaNA
> Status:TRUST
> Start Date:2008/05/30 00:00:00
> End Date: 2009/05/30 23:59:59
> Serial Number:00
> Issuer's Name:CN=zos19.OU=IT.O=Mainline.C=US
> Subject's Name:CN=zos19.OU=IT.O=Mainline.C=US
> Private Key Type:Non-ICSF
> Private Key Size:1024
> Ring Associations:
> Ring Owner:TN3270
> Ring:TNRING
>
> So I see it exists and it's expired.
> Next create a certificate request based on the old certificate.
> *racdcert id(TN3270) genreq(label('TnServerCert'))
dsn('ibmuser.cert.req')*
> This executes and creates the IBMUSER.CERT.REQ file.
>
> Then renew and replace the certficate.
> *racdcert id(TN3270) gencert('ibmuser.cert.req')
> signwith(label('TnServerCert'))
> *
> *IRRD107I No matching certificate was found for this user.*
>
> I can't figure out why it says this certificate is not found, when I
clearly
> displayed it earlier.
I believe this "renewal" process works only if the certificate to be
renewed has not yet expired.
-jc-
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
