Re: Alter TRUST status on a certificate

Wed, 22 Apr 2015 06:21:07 -0700 

Since I just happen to have gone a few rounds in dealing with Certificates, I 
will attempt to give you an answer, because like you, I too "Inherited" 
handling certificates.

Is this a "SITE" certificate, e.g.: it shows up if you do; RACDCERT SITE LIST

If it does, then; racdcert SITE alter(label('Websphere CA')) notrust

Should work

Also, do you belong to the RACF list?

Al Nims
Systems Admin/Programmer 3
Information Technology
University of Florida
(352) 273-1298

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf 
Of [email protected]
Sent: Wednesday, April 22, 2015 9:09 AM
To: [email protected]
Subject: Alter TRUST status on a certificate

All, 

I am new to this certificate stuff. I have inherited this certificate in my 
RACF data base (apparently the only one that has a private key somewhere, no 
ICSF in use, and I have all RACF privileges):

Label: WebSphereCA
Certificate ID: 2QiJmZmDhZmjgeaFguKXiIWZhcPB
Status: TRUST
Start Date: 2009/11/12 07:00:00
End Date:   2019/01/01 06:59:59
Serial Number:
     >00<
Issuer's Name:
     >CN=WAS CertAuth for Security Domain.OU=BBNBASE< Subject's Name:
     >CN=WAS CertAuth for Security Domain.OU=BBNBASE< Key Usage: CERTSIGN Key 
Type: RSA Key Size: 1024 Private Key: YES Ring Associations: *** No rings 
associated ***

I want to change the trust status to NOTRUST, which I currently don't see a way 
(rlist digtcert tells me it has application data=irrcerta):

racdcert alter(label('Websphere CA')) notrust -> IRRD105I No certificate 
information was found for user myuserid.
racdcert alter(label('Websphere CA')) notrust id(irrcerta) -> IRRD102I The user 
ID specified is not defined to RACF (same for IBMUSER, which was the id it was 
installed under) racdcert alter(label('Websphere CA')) notrust certauth -> 
IRRD107I No matching certificate was found for this user. (Is this irrcerta? If 
so, why isn't it found?) racdcert alter(label('Websphere CA')) notrust site -> 
IRRD105I No certificate information was found for user irrsitec.

How do I address this certificate? 

Barbara
                                                          

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
[email protected] with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to