For the validation process, I would agree that putting the whole cert chain in
the server side's keyring is a better approach so that the client side only
needs to have the root certificate in its keyring. It is simpler and it can
avoid the scenario if the client has an expired intermediate
Don Grinsell wrote:
>In my experience (ACF2) intermediate certs are also inserted using
>CERTAUTH. Essentially anything in the certificate chain for a SITECERT or
>USER cert is a CERTAUTH item.
As I read and learn more about this, I'm convinced that the above is
incorrect. My understanding is
: CERTAUTH vs SITE vs user certificate
Actually with RDATALIB, you should be able to share a cert with multiple
regions as well without using SITE.
Rob Schramm
On Wed, Jul 27, 2016, 12:01 PM Ward, Mike S <mw...@ssfcu.org> wrote:
> I know that a site certificate can be shared by many CIC
Actually with RDATALIB, you should be able to share a cert with multiple
regions as well without using SITE.
Rob Schramm
On Wed, Jul 27, 2016, 12:01 PM Ward, Mike S wrote:
> I know that a site certificate can be shared by many CICS regions with
> different controlling
I know that a site certificate can be shared by many CICS regions with
different controlling userids. A user certificate requires that each region
that is sharing the cert have the same userid. Hope that helps.
-Original Message-
From: IBM Mainframe Discussion List
If you have not done so, and you would like to join the RACF List, use this URL:
http://www.listserv.uga.edu/archives/racf-l.html
Lizette
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
In RACF:
1. Only a Certificate Authority (CA) certificate SHOULD issue certificates for
others - for a user, for a server, for another CA.
2. For a self-signed CA certificate, we call it a root certificate.
3. A CA certificate signed by another CA is called an intermediate CA.
4. CA
@LISTSERV.UA.EDU
Subject: Re: CERTAUTH vs SITE vs user certificate
>So:
>CERTAUTH - root certs
>SITE - server leaf certs (and intermediates?)
>User - certs used to authenticate users to servers
>Anyone want to agree/argue/validate/disprove?
Nobody else has any thoughts on this? S
IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: CERTAUTH vs SITE vs user certificate
>
> >So:
>
> >CERTAUTH - root certs
>
> >SITE - server leaf certs (and intermediates?)
>
> >User - certs used to authenticate users to servers
>
>
>
> >Anyone
Cert discussion is more frequent over on RACF-L :)
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of Phil Smith III
> Sent: Monday, July 18, 2016 2:45 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: CERTAU
>So:
>CERTAUTH - root certs
>SITE - server leaf certs (and intermediates?)
>User - certs used to authenticate users to servers
>Anyone want to agree/argue/validate/disprove?
Nobody else has any thoughts on this? Surely we aren't the only ones dealing
with certificates (well, besides
Dave Gibney wrote:
>I could be wrong and I did use CERTAUTH inappropriately (should have been
>SITE) in the past.
>I use:
>CERTAUTH to sign other certs.
>SITE for SERVERS
>User for users :)
I like this, Dave - it's certainly coherent and *sounds* logical!
So:
CERTAUTH - root certs
SITE
I could be wrong and I did use CERTAUTH inappropriately (should have been SITE)
in the past.
I use:
CERTAUTH to sign other certs.
SITE for SERVERS
User for users :)
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of Phil Smith III