Yes - all my users receive the certificate, and that is why I had hoped to
renew it with the same key, so I would not have to send out a new cert to
all the users.  It's looking more like I will have to generate a new
certificate and send it out.

On Tue, Jun 2, 2009 at 1:56 PM, Richard Peurifoy <r-peuri...@neo.tamu.edu> wrote:

> Mark Pace wrote:
>
>> Trying to follow the directions in the RACF manual to renew a self-signed
>> certificate that expired.
>>
>> A display for ID TN3270
>>
>> Label:TnServerCert
>> Certificate ID:2Qbj1fPy9/DjleKFmaWFmcOFmaNA
>> Status:TRUST
>> Start Date:2008/05/30 00:00:00
>> End Date:  2009/05/30 23:59:59
>> Serial Number:00
>> Issuer's Name:CN=zos19.OU=IT.O=Mainline.C=US
>> Subject's Name:CN=zos19.OU=IT.O=Mainline.C=US
>> Private Key Type:Non-ICSF
>> Private Key Size:1024
>> Ring Associations:
>> Ring Owner:TN3270
>> Ring:TNRING
>>
>> So I see it exists and it's expired.
>> Next create a certificate request based on the old certificate.
>> racdcert id(TN3270) genreq(label('TnServerCert')) dsn('ibmuser.cert.req')
>> This executes and creates the IBMUSER.CERT.REQ file.
>>
>> Then renew and replace the certificate.
>> racdcert id(TN3270) gencert('ibmuser.cert.req') signwith(label('TnServerCert'))
>> IRRD107I No matching certificate was found for this user.
>>
>> I can't figure out why it says this certificate is not found, when I
>> clearly displayed it earlier.
>>
>>
> I think you need "signwith(id(TN3270) label('TnServerCert'))",
> however, I have never tried signing a cert with itself, so I
> don't know if this works.
>
> Do others have a copy of this cert on their TN3270 clients,
> or do they just accept a self-signed cert?
>
> If they just accept the self-signed cert, just create a new
> one.
>
> Alternatively, you could create a signing cert with a long
> End Date and use that to sign your cert. If the clients have
> a copy of your cert, just give them a copy of your signing
> cert to use as the CA for your TN3270 cert.
>
> --
> Richard
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>



-- 
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317
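
The long-lived signing certificate suggested in the quoted reply, sketched as an added example with OpenSSL rather than RACDCERT (it is not part of the original thread; the CN values, file names, serial numbers and lifetimes are constructed). Clients hold only the signing certificate, so a reissued server certificate validates without anything being redistributed.

```shell
#!/bin/sh
# Added illustration with OpenSSL, not RACF. Names, paths and lifetimes are constructed.
set -eu

# Issue a server certificate signed by the CA held in directory $1.
# $2 = output basename, $3 = serial number, $4 = validity in days.
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=zos19.example" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial "$3" -days "$4" -out "$1/$2.crt" 2>/dev/null
}

# SHA-256 fingerprint of the certificate file $1.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Succeeds when the original and the reissued server certificate both
# validate against the same, unchanged CA file and are distinct certificates.
demo() {
    dir=$(mktemp -d)
    # Long-lived self-signed signing certificate: the only file clients need.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example TN3270 Signing CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    issue_server_cert "$dir" server_old 1 365
    issue_server_cert "$dir" server_new 2 365   # the later reissue
    rc=0
    openssl verify -CAfile "$dir/ca.crt" "$dir/server_old.crt" >/dev/null 2>&1 || rc=1
    openssl verify -CAfile "$dir/ca.crt" "$dir/server_new.crt" >/dev/null 2>&1 || rc=1
    [ "$(fingerprint "$dir/server_old.crt")" != "$(fingerprint "$dir/server_new.crt")" ] || rc=1
    rm -rf "$dir"
    return "$rc"
}

if demo; then echo "reissued certificate validates against the unchanged CA"; fi
```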
