RACDCERT LISTCHN will show the whole signing chain. For the Windows client you do not need any intermediate certificates, nor do you need the server certificate*, you just need the root certificate.
*Unless it is self-signed, in which case it IS (also) its own root certificate. If you do not know the label to put into LISTCHN, LISTRING should give it to you. If the root certificate is from a well-known CA (DigiCert, GoDaddy, Comodo, etc.) then you can download it from their Web site at no charge. Make sure it is the correct root certificate -- the one shown by LISTCHN -- they will have several. If the root certificate is from your internal PKI group then they should be very familiar with sending it to you in PC-compatible format. This should not be their first rodeo. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Tim Hare Sent: Wednesday, November 18, 2020 12:36 PM To: [email protected] Subject: Re: Using PCOMM with SSL ? If you can export the cert in z/OS then you ought to be able to use one of the RACF certificate displays to determine who signed it. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
