I don't see how you would go about changing the end date. I would assume that is the purpose of renewing the certificate.
On Tue, Jun 2, 2009 at 2:12 PM, Michael Saraco < michael.sar...@baer-consulting.com> wrote: > I have never tried it with an expired cert but have you tried to change > the end date in the expired cert yet to see if that fixes your problem. > When creating certs I always change the expire date to something way out > there so I do not have problems. > > > Michael Saraco > Systems Consultant > 303-838-3374 x115 > Cell 507-525-0530 > > > > From: > Mark Pace <mpac...@gmail.com> > To: > IBM-MAIN@bama.ua.edu > Date: > 06/02/2009 01:05 PM > Subject: > Re: SSL certificate renewal > Sent by: > IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> > > > > Yes - all my users receive the certificate, and that is why I had hoped to > renew it with the same key, so I would not have to send out a new cert to > all the users. It's looking more like I will have to generate a new > certificate and send it out. > > On Tue, Jun 2, 2009 at 1:56 PM, Richard Peurifoy > <r-peuri...@neo.tamu.edu>wrote: > > > Mark Pace wrote: > > > >> Trying to follow the directions in the RACF manual to renew a > self-signed > >> certificate that expired. > >> > >> A display for ID TN3270 > >> > >> Label:TnServerCert > >> Certificate ID:2Qbj1fPy9/DjleKFmaWFmcOFmaNA > >> Status:TRUST > >> Start Date:2008/05/30 00:00:00 > >> End Date: 2009/05/30 23:59:59 > >> Serial Number:00 > >> Issuer's Name:CN=zos19.OU=IT.O=Mainline.C=US > >> Subject's Name:CN=zos19.OU=IT.O=Mainline.C=US > >> Private Key Type:Non-ICSF > >> Private Key Size:1024 > >> Ring Associations: > >> Ring Owner:TN3270 > >> Ring:TNRING > >> > >> So I see it exists and it's expired. > >> Next create a certificate request based on the old certificate. > >> *racdcert id(TN3270) genreq(label('TnServerCert')) > >> dsn('ibmuser.cert.req')* > >> This executes and creates the IBMUSER.CERT.REQ file. > >> > >> Then renew and replace the certficate. > >> *racdcert id(TN3270) gencert('ibmuser.cert.req') > >> signwith(label('TnServerCert')) > >> * > >> *IRRD107I No matching certificate was found for this user.* > >> > >> I can't figure out why it says this certificate is not found, when I > >> clearly > >> displayed it earlier. > >> > >> > > I think you need "signwith(id(TN3270) label('TnServerCert'))", > > however, I have never tried signing a cert with itself, so I > > don't know if this works. > > > > Do others have a copy of this cert on their TN3270 clients, > > or do they just accept a self-signed cert? > > > > If they just accept the self-signed cert, just create a new > > one. > > > > Alternatively, you could create a signing cert with a long > > End Date and use that to sign your cert. If the clients have > > a copy of your cert, just give them a copy of your signig > > cert to use as the CA for your TN3270 cert. > > > > -- > > Richard > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > > > > -- > Mark Pace > Mainline Information Systems > 1700 Summit Lake Drive > Tallahassee, FL. 32317 > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html