On 1/23/2018 12:51 AM, Barbara Nitz wrote:
While we're on the topic of ShopZ order downloads: Why do the SMPE books say to
make my private certificate (that I got from IBM for shopz) a CERTAUTH
certificate? I certainly didn't do that - it is just PERSONAL, and I made it
the default in the keyring, and I downloaded the order that way.
The SMP/E Users Guide suggests connecting the user certificate to your
keyring like this:
RACDCERT ID(ring-owner) CONNECT(LABEL('SMPE Client Certificate') +
RING(keyringname) USAGE(CERTAUTH) )
The note at the bottom of this page says this:
"To enable the user certificate to be easily shared by other user IDs
without requiring unnecessarily high levels of access for those other
user IDs, the user certificate must be connected to the key ring as a
certificate authority (CA) certificate (USAGE of CERTAUTH). This allows
the user certificate to be shared without requiring other user IDs to
access the certificate’s associated private key."
I believe your point is that if you do not intend for multiple userids
to use the same certificate, then you don't need to connect it to your
keyring with USAGE(CERTAUTH). Fair point.
Kurt Quackenbush -- IBM, SMP/E Development
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
