On Tuesday, 08/04/2009 at 12:45 EDT, Marcy Cortes <[email protected]> wrote: > Wrong words. > > I used option 4 to create the CSR. Took that to the CMS (Certificate > Management System) and used for the request. > Once I got it, I used option 5 to receive it. I had used option 7 to import > the root and intermediate certs before doing the option 5.
That is the correct process. You only need private keys for certs that represent your system. o Double-check your TLSLABEL spec in the telnet/ftp server config and make sure you've got the right label, not one pointing to a root or intermediate cert. o Display the content of your key database and ensure you don't see any nearly-identical labels. o Make sure the cert you think you're using has the label you think it has. o As an aside, make sure your intermediate and root certs are marked "trusted" so that your telnet and ftp clients will accept server certs from other systems that were signed by those same certs. Alan Altmark z/VM Development IBM Endicott
