On Wednesday, 05/21/2008 at 03:16 EDT, "Huegel, Thomas"
<[EMAIL PROTECTED]> wrote:
> Well, yes I can (did) make a SELF-SIGNED certificate and it works fine. But my
> auditor doesn't like it.

YES!  A well-trained auditor.  Except when you're a CA, a self-signed cert
is, IMO, nearly worthless.  You get encryption, but you force a pop-up
that people must be trained to 'accept'.  Once trained, you can't break
their habit without breaking their fingers.  And just accepting J. Random
Cert blindly is not a good idea.

"DOWN WITH SELF-SIGNED CERTS!!"
"IDENTITY MATTERS!"
"SAVE THE WHALES!"
"NO NUKES!"

> This is what happens when I tried to store the one from VeriSign.
> DTCSSL201E Algorithm error--GSKKM error 146.
> and from Thawte..
> DTCSSL2417E The content of file TSTTHAWT X509CERT D cannot be used or is
> DTCSSL2417E corrupt.
>
> Maybe SSLSERV somehow got hosed. I am having them re-boot it tonight.
>
> SSLADMIN QUERY CERT *
> Shows the certs that came with SSLSERV (z/VM 5.3) plus the Self-Signed one I
> created.
>
> I'll see what happens after the re-boot.
>
> Oh well such is life.

I don't think a re-boot will help.  There are a couple of possibilities:

1.  Perhaps your cut-n-paste from your browser to your XEDIT session
didn't do what you intended, or your procedure for uploading the X.509
certificate from <wherever> to VM needs to be tweaked.

2.  The CA base certs in the db are bad because of <unspecified reasons>.
You may need to regenerate the SSL database and re-request/store your
certificate.

Please contact the Support Center.

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
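
Added example, not part of the original message and not IBM code: a pre-upload check for the first possibility above (a certificate damaged by cut-and-paste or transfer). It assumes the certificate is in base64 "BEGIN CERTIFICATE" text form; the function names are hypothetical and the sample is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_declared_length(der):
    """Total size (header + content) claimed by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE (0x30)")
    if der[1] < 0x80:                      # short form: length in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_cert(text):
    """List problems in a pasted certificate; trailing blanks are tolerated.
    Line numbers count non-blank lines, with the BEGIN line as line 1."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        return ["BEGIN/END CERTIFICATE lines missing or altered"]
    body = lines[1:-1]
    problems = []
    for i, ln in enumerate(body, start=2):
        if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", ln):
            problems.append(f"line {i}: non-base64 characters")
    if problems:
        return problems
    try:
        der = base64.b64decode("".join(body), validate=True)
        declared = der_declared_length(der)
    except (binascii.Error, ValueError) as exc:
        return [f"decode failed: {exc}"]
    if declared != len(der):
        return [f"DER says {declared} bytes, got {len(der)}: lines lost or added"]
    return []

def make_sample_pem():
    """Constructed stand-in: a DER SEQUENCE of filler bytes, NOT a real cert."""
    payload = bytes(range(256)) + bytes(44)
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"

if __name__ == "__main__":
    print(check_pem_cert(make_sample_pem()) or "looks intact")
```

An empty result only means the text armor and outer length are consistent; it says nothing about whether the certificate chains to a CA the SSL database trusts.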
