APAR PI17244 was created yesterday for the problem with FTP server
processing of hostIdMapping certificates (when not using AT-TLS).
FTP server (z/OS 1.13) works fine when using AT-TLS.
CICS Web Services works fine with hostIdMapping certificates.
RDz works ok with hostIdMapping certificates if
I have a ticket open with the RDz client issues. IBM hasn't provided a
resolution yet. They have been
questioning the validity of my certificates, but now that they work on
CICS Web Services that issue should
not be questioned.
All I can think of then is that RACF isn't finding the
On Wed, 12 Mar 2014 10:55:35 -0700, Donald J. dona...@4email.net wrote:
It works when the certificate is associated to a userid.
All I can think of then is that RACF isn't finding the matching hostname in a
hostIdMapping. There doesn't seem to be doc on the specifics of this:
upper/lower
Have you run a GSKSRVR trace? Always points the finger at exactly what is
wrong. Unless you are using AT-TLS.. then a different trace is needed.
Rob Schramm
On Mar 14, 2014 9:30 AM, Phil Sidler phil_sid...@hotmail.com wrote:
On Wed, 12 Mar 2014 10:55:35 -0700, Donald J. dona...@4email.net
On Wed, 12 Mar 2014 10:18:04 -0700, Donald J. dona...@4email.net wrote:
But I could
not get HostIDMapping to work with FTP Server. You would think the RACF
interface would be the same for all applications.
RACF provides many interfaces, and the application chooses which one to use.
Then the
CLASS NAME
-
SERVAUTH IRR.HOST.MVS3.domain.removed
USER ACCESS ACCESS COUNT
-- -- -
RDZRSEDREAD00
FTPSERV2 READ00
But I could
not get
With a couple of tips from Phl's vbscript I was able to get the
HostIDMappings to work. I was leaving the implicit tags off the
IA5 strings. As Phil indicated, it does work with CICS Web Services
even though no mention of that anywhere. But I could
not get HostIDMapping to work with FTP Server.
On Wed, 12 Mar 2014 10:18:04 -0700, Donald J. dona...@4email.net wrote:
even though no mention of that anywhere. But I could
not get HostIDMapping to work with FTP Server. You would think the RACF
interface would be the same for all applications.
What setting do you have for SECURE_LOGIN on
SECURE_LOGIN REQUIRED
SECURE_PASSWORD OPTIONAL
SECURE_CTRLCONN PRIVATE
SECURE_DATACONN PRIVATE
SECURE_FTP REQUIRED
It works when the certificate is associated to a userid.
--
Donald J.
dona...@4email.net
On Wed, Mar 12, 2014, at 10:53 AM, Phil Sidler wrote:
On Wed,
I am currently using openssl to create certificates for use with CICS
Web Services that work fine. I haven't read anywhere that
CICS Web Services supports authentication using HostIDMapping. I
associate the certificate with a userid using command:
RACDCERT ID(USERID1) ADD('USERID1.CERT1.PEM')
On Tue, 11 Mar 2014 05:54:24 -0700, Donald J. dona...@4email.net wrote:
If I try to use a certificate with a HostIDMapping extension and no
certificate associated with the userid I get error message:
CWXN A client certificate that maps to a valid userid is required.
This is likely just CICS's
I now have an openssl config which produces the same hex code as your
vbsscript for
lengths less than 128. For length above 128 openssl produces a
different length code
for the SET (x'31') which is x'318184'. Your script produces
x'31820184'. I will do some
testing with CICS Web Services and
Thanks for the openssl example. I wish I could have found more useful openssl
arbitrary extension examples when I was working on this before.
As for the length fields, it was probably my mis-interpretation of prose such
as this:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb540805
On Tue, 11 Mar 2014 05:54:24 -0700, Donald J. dona...@4email.net wrote:
I am currently using openssl to create certificates for use with CICS
Web Services that work fine. I haven't read anywhere that
CICS Web Services supports authentication using HostIDMapping. I
associate the certificate
On Mon, 10 Mar 2014 08:59:55 -0700, Donald J. dona...@4email.net wrote:
Could someone who is using z/OS PKI Services for z/OS post a sample
certificate containing an arbitrary extension for HostIdMapping, or an
Would some VBscript help? Did this a loong time ago and I'm not sure it's
totally
Yes, the script helps to identify some things. What appilcation was it
working with?
I am trying to generate a cert for an RDz client. The RDz client
appears to try to be
intelligent and not allow bad parameters to be entered like a wrong
passphrase for a PKCS12.
It seems to reject all the certs
On Mon, 10 Mar 2014 13:49:38 -0700, Donald J. dona...@4email.net wrote:
Yes, the script helps to identify some things. What appilcation was it
working with?
IIRC, this was in combination with windows certreq to build send a cert
request to a windows active directory server to be signed and
17 matches
Mail list logo