On 12/06/2023 2:59 pm, Tom Longfellow wrote:
I am worn out from all of these "learning" opportunities and want to get back to "doing" the job I am paid to do.
IBM doesn't do its customers any favors with the way they handle certificates.
Every other operating system installs default trusted certificates, and all this "just works" (mostly). IBM has decided they don't want to tell customers who to trust, but the reality is that this makes communication over the internet difficult or impractical.
It's even more difficult because RACF is different to everything else out there, so it's hard to find examples.
I accept that IBM has customers who need to do their own vetting of CAs. However, IBM could provide e.g. a separate optional FMID that installed a set of trusted certificates updated by PTF, the same as other operating systems. Customers could select whether or not the standard CA certificates were installed.
That would make life much easier for customers who just want to use TLS for internet connections, and leave vetting CAs to their operating system vendors.
-- Andrew Rowley Black Hill Software ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
