If you mean certificates for TLS, the USS gskkyman utility is great for testing/verification. Nothing wrong with it for production, but most sites in my experience are happier with the certs in SAF (RACF/ACF2/TSS) for production. The beauty of gskkyman is that it's isolated AND discrete. With SAF you can screw other folks up and/or think you have it working correctly when you don't. With gskkyman you can create a database containing just the certificate(s) you think you need and verify that they work, then move them to SAF.
gskkyman operates via a series of prompts, so it's pretty easy to use: * Get the certificate in a USS file, preferably as a Base64-encoded file (doesn't have to be, just easier to say "Yep, that looks like a certificate") * Go into gskkyman and import it * Point the application truststore at the gskkyman database and test Obviously I'm making a bunch of assumptions about what you're doing in the above, so none of it may apply. ...phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
