I apologize - I have not been following this thread. From a programming point 
of view, USS and RACF managed certificates are pretty compatible. I am 
travelling but can get you more info if you need when I land.


CharlesSent from a mobile; please excuse the brevity

-------- Original message --------
From: "Roach, Dennis" <dennis.ro...@aig.com> 
Date: 9/20/16  9:13 AM  (GMT-08:00) 
To: IBM-MAIN@LISTSERV.UA.EDU 
Subject: Re: How do I see the end date for a certificate or key on z/OS 1.13 
Tectia 6.4? 

Thanks for the replies. 
Unfortunately, the product was installed to use USS hostkeys files, with the 
user keys under the user's home directory, not RACF.
Since the product was ported from the UNIX/Linex/Windows environment, I have 
seen no documentation of it being able to use RACF.

For my certificates under RACF, I already have a report.

Dennis Roach, CISSP, PMP
AIG
IAM Access Administration – Consumer | Identity & Access Management

2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019
Phone:  713-831-8799

dennis.ro...@aig.com | www.aig.com 

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Elardus Engelbrecht
Sent: Tuesday, September 20, 2016 2:06 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: How do I see the end date for a certificate or key on z/OS 1.13 
Tectia 6.4?

Reposting after some RTFM about Tectia and ssh-certview ;-)

That is an interesting product, not too bad. (www.ssh.com)

Roach, Dennis wrote:

>>We need to verify that our certificates are not about to expire. I tried 
>>ssh-certview and get the following messages:
>>1.       ssh2/id_rsa_2048_a.pub: Failed to open `.ssh2/id_rsa_2048_a.pub': 
>>Character set conversions not initialized: cannot convert from 'IBM-1047' to 
>>'ISO8859-1'.
>>2.       ssh-certview: Failed to autodetect the object type.
>>3.       Trying to decode the public key file - failed.
>>Anyone have an idea?

Can you perhaps post just the first two or three lines of that file? Perhaps 
the encoding scheme is not correct or you need some parameter to correctly read 
 that file.

You can place that file in a dataset and then try out RACF to check that file's 
content.

RACDCERT CHECKCERT(<dataset containing your certificate>)

Alternatively, can you contact the vendor about this?

Groete / Greetings
Elardus Engelbrecht

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to