On Wednesday, 05/21/2008 at 03:16 EDT, "Huegel, Thomas" <[EMAIL PROTECTED]> wrote:
> Well, yes I can (did) make a SELF-SIGNED certificate and it works fine. But my
> auditor doesn't like it.

YES! A well-trained auditor. Except when you're a CA, a self-signed cert is, IMO, nearly worthless. You get encryption, but you force a pop-up that people must be trained to 'accept'. Once trained, you can't break their habit without breaking their fingers. And just accepting J. Random Cert blindly is not a good idea.

"DOWN WITH SELF-SIGNED CERTS!!"
"IDENTITY MATTERS!"
"SAVE THE WHALES!"
"NO NUKES!"

> This is what happens when I tried to store the one from VeriSign.
> DTCSSL201E Algorithm error--GSKKM error 146.
> and from Thawte..
> DTCSSL2417E The content of file TSTTHAWT X509CERT D cannot be used or is
> DTCSSL2417E corrupt.
>
> Maybe SSLSERV somehow got hosed. I am having them re-boot it tonight.
>
> SSLADMIN QUERY CERT *
> Shows the certs that came with SSLSERV (z/VM 5.3) plus the Self-Signed one I
> created.
>
> I'll see what happens after the re-boot.
>
> Oh well such is life.

I don't think a re-boot will help. There are a couple of possibilities:

1. Perhaps your cut-n-paste from your browser to your XEDIT session didn't do what you intended, or your procedure for uploading the X.509 certificate from <wherever> to VM needs to be tweaked.
2. The CA base certs in the db are bad because of <unspecified reasons>. You may need to regenerate the SSL database and re-request/store your certificate.

Please contact the Support Center.

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
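
The first possibility in the reply above, a certificate damaged somewhere between the browser and the file on VM, can be checked on the pasted text before it is stored. The following is an added example, not part of the original post and not IBM code: it checks the armor lines, the base64 body and the outer DER length. It assumes the CA delivered the certificate in PEM form; the sample input is constructed and is not a real certificate.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_pem_certificate(text):
    """Return a list of problems in a pasted PEM certificate (empty = structurally OK)."""
    problems = []
    # Blank lines and trailing blanks are tolerated; anything else must be exact.
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN:
        problems.append("missing or altered BEGIN line")
    if not lines or lines[-1] != END:
        problems.append("missing or altered END line")
    body = [ln for ln in lines if not ln.startswith("-----")]
    for n, ln in enumerate(body, 1):
        if re.search(r"[^A-Za-z0-9+/=]", ln):
            problems.append(f"body line {n}: character outside the base64 alphabet")
    try:
        der = base64.b64decode("".join(body), validate=True)
    except (binascii.Error, ValueError):
        problems.append("base64 body does not decode")
        return problems
    # A DER certificate is one SEQUENCE (tag 0x30) whose length covers the rest exactly.
    if len(der) < 2 or der[0] != 0x30:
        problems.append("decoded data does not start with a DER SEQUENCE")
        return problems
    if der[1] < 0x80:                      # short-form length
        hdr, length = 2, der[1]
    else:                                  # long-form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        problems.append(f"DER length says {hdr + length} bytes, got {len(der)}")
    return problems

def constructed_sample():
    """Constructed input: a DER SEQUENCE with filler content, not a real certificate."""
    der = b"\x30\x82\x02\x00" + bytes(range(256)) * 2
    b64 = base64.b64encode(der).decode()
    return "\n".join([BEGIN] + [b64[i:i + 64] for i in range(0, len(b64), 64)] + [END])

if __name__ == "__main__":
    good = constructed_sample().split("\n")
    print("intact paste:    ", check_pem_certificate("\n".join(good)))
    print("one line dropped:", check_pem_certificate("\n".join(good[:3] + good[4:])))
```

A clean result only means the text survived the transfer intact; it says nothing about whether the issuing CA's certificates are present and usable in the SSL database, which is the second possibility raised above.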
