Dear list:
I'd like to hear from this group, which way we have to follow in order to add
in RACF the root chain from external partners that have encrypted connections
but using self signed certificate.
I will describe the three ways we have imported the root chain:
1- Add the certificate with "Certificate Owner" = CERTAUTH and the CONNECT
with the option USAGE=CERTAUTH.
RACDCERT CERTAUTH ADD('DSN.ROOT') +
WITHLABEL('External Root') TRUST
RACDCERT CONNECT(CERTAUTH LABEL('External Root') +
RING(RingName) USAGE(CERTAUTH)) ID(userid)
2-Add the certificate with "Certificate Owner" = userid and the CONNECT with
the option USAGE=PERSONAL.
RACDCERT ID(userid) +
ADD('DSN.ROOT') +
WITHLABEL('External Root') +
TRUST
RACDCERT ID(userid) CONNECT(LABEL('External Root') +
RING(RingName) USAGE(PERSONAL))
3- Add the certificate with "Certificate Owner" = userid and the CONNECT with
the option USAGE=CERTAUTH
RACDCERT ID(userid) +
ADD('DSN.ROOT') +
WITHLABEL('External Root') +
TRUST
RACDCERT ID(userid) CONNECT(LABEL('External Root') +
RING(RingName) USAGE(CERTAUTH))
All the options we have tested worked fine but I'd like to know if there is a
standard way to add/import the certificate.
If the certificate is from an external CA like Symantec, Digicert, Certisign,
etc. the process is the same or do we have to follow another way to import the
root chain certificate ?
Thanks in advance for any help.
Regards,
Gilson Cesar
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
