Re: CERTAUTH vs SITE vs user certificate

For the validation process, I would agree that putting the whole cert chain in the server side's keyring is a better approach so that the client side only needs to have the root certificate in its keyring. It is simpler and it can avoid the scenario if the client has an expired intermediate

Re: CERTAUTH vs SITE vs user certificate

Don Grinsell wrote: >In my experience (ACF2) intermediate certs are also inserted using CERTAUTH. Essentially anything in the certificate chain for a SITECERT or USER cert is a CERTAUTH item. As I read and learn more about this, I'm convinced that the above is incorrect. My understanding is

Re: CERTAUTH vs SITE vs user certificate

: CERTAUTH vs SITE vs user certificate Actually with RDATALIB, you should be able to share a cert with multiple regions as well without using SITE. Rob Schramm On Wed, Jul 27, 2016, 12:01 PM Ward, Mike S <mw...@ssfcu.org> wrote: > I know that a site certificate can b e shared by many CIC

Re: CERTAUTH vs SITE vs user certificate

Actually with RDATALIB, you should be able to share a cert with multiple regions as well without using SITE. Rob Schramm On Wed, Jul 27, 2016, 12:01 PM Ward, Mike S wrote: > I know that a site certificate can b e shared by many CICS regions with > different controlling

Re: CERTAUTH vs SITE vs user certificate

I know that a site certificate can b e shared by many CICS regions with different controlling userids. A user certificate requires that each region that is sharing the cert have the same userid. Hope that helps. -Original Message- From: IBM Mainframe Discussion List

Re: CERTAUTH vs SITE vs user certificate

If you have not done so, and you would like to join the RACF List, use this url RACFhttp://www.listserv.uga.edu/archives/racf-l.html Lizette -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to

Re: CERTAUTH vs SITE vs user certificate

In RACF: 1. Only Certificate Authority(CA) certificate SHOULD issue certificates for others - for a user, for a server, for another CA. 2. For a self-signed CA certificate, we call it a root certificate. 3. A CA certificate signed by another CA is called an intermediate CA. 4. CA

Re: CERTAUTH vs SITE vs user certificate

@LISTSERV.UA.EDU Subject: Re: CERTAUTH vs SITE vs user certificate >So: >CERTAUTH - root certs >SITE - server leaf certs (and intermediates?) >User - certs used to authenticate users to servers >Anyone want to agree/argue/validate/disprove? Nobody else has any thoughts on this? S

Re: CERTAUTH vs SITE vs user certificate

IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: CERTAUTH vs SITE vs user certificate > > >So: > > >CERTAUTH - root certs > > >SITE - server leaf certs (and intermediates?) > > >User - certs used to authenticate users to servers > > > > >Anyone

Re: CERTAUTH vs SITE vs user certificate

Cert discussion is more frequent over on RACF-L :) > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Phil Smith III > Sent: Monday, July 18, 2016 2:45 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: CERTAU

Re: CERTAUTH vs SITE vs user certificate

>So: >CERTAUTH - root certs >SITE - server leaf certs (and intermediates?) >User - certs used to authenticate users to servers >Anyone want to agree/argue/validate/disprove? Nobody else has any thoughts on this? Surely we aren't the only ones dealing with certificates (well, besides

Re: CERTAUTH vs SITE vs user certificate

Dave Gibney wrote: >I could be wrong and I did use CERTAUTH inappropriately (should have been SITE) in the past. >I use: >CERTAUTH to sign other certs. >SITE for SERVERS >User for users :) I like this, Dave-it's certainly coherent and *sounds* logical! So: CERTAUTH - root certs SITE

Re: CERTAUTH vs SITE vs user certificate

I could be wrong and I did use CERTAUTH inappropriately (should have been SITE) in the past. I use: CERTAUTH to sign other certs. SITE for SERVERS User for users :) > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Phil Smith III