Yes - all my users receive the certificate, and that is why I had hoped to renew it with the same key, so I would not have to send out a new cert to all the users. It's looking more like I will have to generate a new certificate and send it out.
On Tue, Jun 2, 2009 at 1:56 PM, Richard Peurifoy <r-peuri...@neo.tamu.edu>wrote: > Mark Pace wrote: > >> Trying to follow the directions in the RACF manual to renew a self-signed >> certificate that expired. >> >> A display for ID TN3270 >> >> Label:TnServerCert >> Certificate ID:2Qbj1fPy9/DjleKFmaWFmcOFmaNA >> Status:TRUST >> Start Date:2008/05/30 00:00:00 >> End Date: 2009/05/30 23:59:59 >> Serial Number:00 >> Issuer's Name:CN=zos19.OU=IT.O=Mainline.C=US >> Subject's Name:CN=zos19.OU=IT.O=Mainline.C=US >> Private Key Type:Non-ICSF >> Private Key Size:1024 >> Ring Associations: >> Ring Owner:TN3270 >> Ring:TNRING >> >> So I see it exists and it's expired. >> Next create a certificate request based on the old certificate. >> *racdcert id(TN3270) genreq(label('TnServerCert')) >> dsn('ibmuser.cert.req')* >> This executes and creates the IBMUSER.CERT.REQ file. >> >> Then renew and replace the certficate. >> *racdcert id(TN3270) gencert('ibmuser.cert.req') >> signwith(label('TnServerCert')) >> * >> *IRRD107I No matching certificate was found for this user.* >> >> I can't figure out why it says this certificate is not found, when I >> clearly >> displayed it earlier. >> >> > I think you need "signwith(id(TN3270) label('TnServerCert'))", > however, I have never tried signing a cert with itself, so I > don't know if this works. > > Do others have a copy of this cert on their TN3270 clients, > or do they just accept a self-signed cert? > > If they just accept the self-signed cert, just create a new > one. > > Alternatively, you could create a signing cert with a long > End Date and use that to sign your cert. If the clients have > a copy of your cert, just give them a copy of your signig > cert to use as the CA for your TN3270 cert. > > -- > Richard > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html