Re: Installing a certificate

Sun, 16 Jan 2022 14:18:56 -0800 

On splitting up a pfx file:
https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File describes how to break out certificate & key files from a .pfx file using OpenSSL tools in a Linux environment (and the first sentence suggests there isn't a comparable tool available in native Windows). 


If you don't have access to hardware for running a native Linux system, 
but do have a system running 64-bit Windows 10 Pro (which supports WSL) 
or better yet, a system running any version of Windows 11 (which 
supports WSL 2), an alternative to using a native Linux system would be 
to run OpenSSL under a Ubuntu command-line environment under Windows 
using the Windows Subsystem for Linux (WSL or WSL 2).  The process of 
setting this up under Windows 10 Pro seems rather complex, but appears 
to be much simpler under WSL 2 on Windows 11.


    Joel C Ewing

On 1/16/22 13:28, Charles Mills wrote:

It looks like the answer is No:
https://www.ibm.com/docs/en/zos/2.2.0?topic=syntax-racdcert-add-add-certific
ate#le-add__pkcs712

If you are open to an off-Z solution, I think OpenSSL on Windows or Linux
may be able split up the package for you, but I am not sure of that and do
not have the details for you. Perhaps Windows has an equivalent "native"
function?

Charles


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On
Behalf Of Gadi Ben-Avi
Sent: Sunday, January 16, 2022 4:37 AM
To: [email protected]
Subject: Installing a certificate

Hi,
I am trying to install a certificate into RACF using RACDCERT.
I am using a pfx file that our network guy gave me.
When I run the RACDCERT ADD command, I get a message that says that the
certificate is already there.

I looked at the pfx file using the certutil command in windows and saw that
it contains 3 certificates.

Is there a way to tell RACDCERT to only load specific certificates in the
file?

I am running z/OS v2.3

Thanks

Gadi


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN


--
Joel C. Ewing

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN






















					Reply via email to