Hi Nathan - I believe the HMCs come default with a self-signed certificate (meaning not generated by a real Certificate Authority), rather the kind that anyone can just create on their own - getting the encryption benefits, but not the verification ones that come with certificates.
I think the HMC can generate a certificate itself - I've not done it, but see here: http://www-01.ibm.com/support/docview.wss?uid=nas8N1020801 If the certificate has, in fact, been upgraded by your organization to be a real cert, either generated by your company's internal Certificate Authority, or by a real CA (like Verisign, for instance) - then you have to go through them to get a new cert with the SHA2 family of hashing algorithms. If you want a custom self-signed cert, you can regenerate one of those yourself - there are a multitude of instructions on how to do this with something like openssl on the web (google openssl generate self signed cert). I linked a simple one below. Some useful links. https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/ https://www-304.ibm.com/servers/resourcelink/lib03030.nsf/pages/howtousethehardwaremanagementconsole/$file/remote_security.htm Hope that helps Chad ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Nathan Astle <[email protected]> Sent: Wednesday, November 18, 2015 8:23 AM To: [email protected] Subject: HMC certificate SHA-2 Hello, Could someone point me the procedure for upgrading the SHA-1 certificate to SHA-2 in HMC ? I searched with the keyword "SHA-2 certificate HMC + z/OS" from the Google but not getting a correct document to follow on. Could someone shed light on the above ? Nathan ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
