Hay Charles: We see what you are doing and wish you all the best. Thanks again for helping NewEra develop the Complete Certificate Solution.
<https://i.imgur.com/7XSxawv.png> Paul Robichaux | Co-Founder NewEra Software, Inc. [email protected] <mailto:[email protected]> www.newera.com <https://www.newera.com/> 8070 Santa Teresa Blvd, Suite 240, Gilroy CA 95020 <https://maps.google.com/?q=8070+Santa+Teresa+Blvd%2C+Suite+240%2C+Gilroy+CA+95020> (800) 421-5035 <tel:8004215035> (408) 520-7100 <tel:4085207100> <https://www.youtube.com/@newerasoftwareinc> <https://www.linkedin.com/company/newera-software/> <https://x.com/zNewEraSoftware> <https://www.instagram.com/myicedirect> <https://open.spotify.com/show/0Pgrb3NR28NaPLdvHRHCtM?si=2ab3e0e85c704bdd> > On Nov 6, 2025, at 8:24 AM, Charles Mills <[email protected]> wrote: > > X-Posted RACF-L and IBM-MAIN > > Did you ever wish for a simple way to get your arms around all of your RACF* > digital certificates, without it being a project of its own? Without having > to learn a sequence of complex commands? VUECERTS is the answer! > > VUECERTS is a free certificate discovery program for z/OS. Unlike native RACF > commands, VUECERTS provides a complete inventory of all of your certificates, > and there is no command syntax to learn. > > The RACF certificate commands are notoriously difficult to master. Further, > there simply IS no combination of commands that will give you a complete > inventory of all of your certificates, nor any way to see the relationships > among your certificates – essential for effective certificate management. > > With VUECERTS you simply type one command – TSO VUECERTS – from any ISPF > prompt and get back a complete inventory of all of your RACF certificates. > Your certificates are displayed in their PKI hierarchy, clearly showing the > relationship of each endpoint certificate to its intermediate and root > certificates. Each certificate is shown with its essential details: userid, > label, abbreviated subject name, and expiration details. You also get > warnings for imminent certificate expirations and other anomalous conditions. > Here’s an example of a PKI hierarchy: > > CERTAUTH 'DigiCert Global Root G2' > | > CERTAUTH 'DigiCert Global G2 RSA 2020 CA1' > | > JES2UID 'PRODDC.SERVER.AUG2024' > | > JES2UID 'PRODDCDIGICERTSEPT2020' > > Further, certificates are grouped by the status of their root certificates. > For example, certificates dependent on an expired root are clearly indicated. > There is no learning curve: certificates are displayed in an ISPF VIEW panel, > so you can use familiar commands like FIND to locate particular keywords, > subject names, userids or dates. > > VUECERTS also discovers all of your keyrings, and clearly shows both the > certificates connected to each keyring, and for each certificate, the > keyrings to which it is connected. > > If you want more detail about any certificate, all you have to do is put the > cursor on the line and hit a PF key – and you get the full RACDCERT LIST for > the certificate. You can even get template RACDCERT commands for each > certificate – easy to edit into a LIST, LISTCHN, ALTER or DELETE command. > > No APF authorization. RACF SPECIAL not required, only three specific RACF > permissions as specified in the documentation. VUECERTS does not examine or > process private keys. > > *VUECERTS at this time is supported for RACF and gskkyman certificate stores > only. We are actively seeking partners to test VUECERTS with the Broadcom > security products. > > How do you get VUECERTS? Sam Golob has graciously worked with me to make it > CBTTAPE.ORG file number 1067. VUECERTS is written in C++, but the executable > load module as well as the source and instructions for building are included > in the CBT download. > > One of the things I am not crazy about with the CBT Tape is that if you want > to see the documentation you have to download the file, unzip it, upload it > to your z/OS and then RECEIVE it. So here’s a limited time offer that I hope > I won’t regret: send me a note off-list and I will send you the documentation > in PDF format. > > Enjoy! > > Charles Mills > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
