Our corporate certificate management folks are now mandating that all
Subject Alternate Names be placed in the CSR. That's a problem for
RACF which cannot add more than one SAN (we are at z/OS 2.5). How do
others generate the CSR? If we generate a cert say in USS, using
openssl or gskkyman, send that off to our local certificate folks, get
back a certificate, then what? I assume we will need to export that
cert (along with it's private key) and import that cert into RACF. The
export/import process is what I'm unsure of.
I also use the z/OS Health Checker to see which RACF Certs are expiring
in the next 60 days. Will importing a certificate not created in RACF
cause the cert to not show up in the HC?
And I simply don't see why RACF could not be made to generate more than
one SAN. Will that change with z/OS 3.1?
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
