Thanks Allan and Colin, I can list the certificate in gskkyman with no problem (when gskkyman works...). I'll try to IPL this guest as a standalone (it doesn't run network well as a second level vm) and report results.
Best, ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Mon, Jun 12, 2023 at 4:16 PM Allan Staller < [email protected]> wrote: > Classification: Confidential > > Did you transfer the certificate as text (DO NOT USE BINARY). > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf > Of Itschak Mugzach > Sent: Sunday, June 11, 2023 1:29 AM > To: [email protected] > Subject: Certificate differences between Z/VM and Z/OS? > > [CAUTION: This Email is from outside the Organization. Unless you trust > the sender, Don't click links or open attachments as it may be a Phishing > email, which can steal your Information and compromise your Computer.] > > I have a certificate signed by an intermediate CA that is self signed (the > CA certificate). The certificate CN is not specific for a client. > Now I installed it on Z?OS RACF and it works with no problem against a > server having a server certificate from the same CA. > Now I installed the same certificate on Z/VM (gskyman) and tried to > connect to the same server. The certificate is refused and the server asks > for renegotiating (which is impossible at TLS 1.2). > > Why does that happen? Both certificates are marked TRUSTED. > > ITschak > > > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere > Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux > and IBM I **| * > > *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* > *Skype**: ItschakMugzach **|* *Web**: http://www.securiteam.co.il/ **|* > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > ::DISCLAIMER:: > ________________________________ > The contents of this e-mail and any attachment(s) are confidential and > intended for the named recipient(s) only. E-mail transmission is not > guaranteed to be secure or error-free as information could be intercepted, > corrupted, lost, destroyed, arrive late or incomplete, or may contain > viruses in transmission. The e mail and its contents (with or without > referred errors) shall therefore not attach any liability on the originator > or HCL or its affiliates. Views or opinions, if any, presented in this > email are solely those of the author and may not necessarily reflect the > views or opinions of HCL or its affiliates. Any form of reproduction, > dissemination, copying, disclosure, modification, distribution and / or > publication of this message without the prior written consent of authorized > representative of HCL is strictly prohibited. If you have received this > email in error please delete it and notify the sender immediately. Before > opening any email and/or attachments, please check them for viruses and > other defects. > ________________________________ > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
