I apologize - I have not been following this thread. From a programming point
of view, USS and RACF managed certificates are pretty compatible. I am
travelling but can get you more info if you need when I land.
CharlesSent from a mobile; please excuse the brevity
-------- Original message --------
From: "Roach, Dennis" <[email protected]>
Date: 9/20/16 9:13 AM (GMT-08:00)
To: [email protected]
Subject: Re: How do I see the end date for a certificate or key on z/OS 1.13
Tectia 6.4?
Thanks for the replies.
Unfortunately, the product was installed to use USS hostkeys files, with the
user keys under the user's home directory, not RACF.
Since the product was ported from the UNIX/Linex/Windows environment, I have
seen no documentation of it being able to use RACF.
For my certificates under RACF, I already have a report.
Dennis Roach, CISSP, PMP
AIG
IAM Access Administration – Consumer | Identity & Access Management
2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019
Phone: 713-831-8799
[email protected] | www.aig.com
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Elardus Engelbrecht
Sent: Tuesday, September 20, 2016 2:06 AM
To: [email protected]
Subject: Re: How do I see the end date for a certificate or key on z/OS 1.13
Tectia 6.4?
Reposting after some RTFM about Tectia and ssh-certview ;-)
That is an interesting product, not too bad. (www.ssh.com)
Roach, Dennis wrote:
>>We need to verify that our certificates are not about to expire. I tried
>>ssh-certview and get the following messages:
>>1. ssh2/id_rsa_2048_a.pub: Failed to open `.ssh2/id_rsa_2048_a.pub':
>>Character set conversions not initialized: cannot convert from 'IBM-1047' to
>>'ISO8859-1'.
>>2. ssh-certview: Failed to autodetect the object type.
>>3. Trying to decode the public key file - failed.
>>Anyone have an idea?
Can you perhaps post just the first two or three lines of that file? Perhaps
the encoding scheme is not correct or you need some parameter to correctly read
that file.
You can place that file in a dataset and then try out RACF to check that file's
content.
RACDCERT CHECKCERT(<dataset containing your certificate>)
Alternatively, can you contact the vendor about this?
Groete / Greetings
Elardus Engelbrecht
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
