I don't see how you would go about changing the end date. I would assume
that is the purpose of renewing the certificate.
On Tue, Jun 2, 2009 at 2:12 PM, Michael Saraco <
michael.sar...@baer-consulting.com> wrote:
> I have never tried it with an expired cert but have you tried to change
> the end date in the expired cert yet to see if that fixes your problem.
> When creating certs I always change the expire date to something way out
> there so I do not have problems.
>
>
> Michael Saraco
> Systems Consultant
> 303-838-3374 x115
> Cell 507-525-0530
>
>
>
> From:
> Mark Pace <mpac...@gmail.com>
> To:
> IBM-MAIN@bama.ua.edu
> Date:
> 06/02/2009 01:05 PM
> Subject:
> Re: SSL certificate renewal
> Sent by:
> IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu>
>
>
>
> Yes - all my users receive the certificate, and that is why I had hoped to
> renew it with the same key, so I would not have to send out a new cert to
> all the users. It's looking more like I will have to generate a new
> certificate and send it out.
>
> On Tue, Jun 2, 2009 at 1:56 PM, Richard Peurifoy
> <r-peuri...@neo.tamu.edu>wrote:
>
> > Mark Pace wrote:
> >
> >> Trying to follow the directions in the RACF manual to renew a
> self-signed
> >> certificate that expired.
> >>
> >> A display for ID TN3270
> >>
> >> Label:TnServerCert
> >> Certificate ID:2Qbj1fPy9/DjleKFmaWFmcOFmaNA
> >> Status:TRUST
> >> Start Date:2008/05/30 00:00:00
> >> End Date: 2009/05/30 23:59:59
> >> Serial Number:00
> >> Issuer's Name:CN=zos19.OU=IT.O=Mainline.C=US
> >> Subject's Name:CN=zos19.OU=IT.O=Mainline.C=US
> >> Private Key Type:Non-ICSF
> >> Private Key Size:1024
> >> Ring Associations:
> >> Ring Owner:TN3270
> >> Ring:TNRING
> >>
> >> So I see it exists and it's expired.
> >> Next create a certificate request based on the old certificate.
> >> *racdcert id(TN3270) genreq(label('TnServerCert'))
> >> dsn('ibmuser.cert.req')*
> >> This executes and creates the IBMUSER.CERT.REQ file.
> >>
> >> Then renew and replace the certficate.
> >> *racdcert id(TN3270) gencert('ibmuser.cert.req')
> >> signwith(label('TnServerCert'))
> >> *
> >> *IRRD107I No matching certificate was found for this user.*
> >>
> >> I can't figure out why it says this certificate is not found, when I
> >> clearly
> >> displayed it earlier.
> >>
> >>
> > I think you need "signwith(id(TN3270) label('TnServerCert'))",
> > however, I have never tried signing a cert with itself, so I
> > don't know if this works.
> >
> > Do others have a copy of this cert on their TN3270 clients,
> > or do they just accept a self-signed cert?
> >
> > If they just accept the self-signed cert, just create a new
> > one.
> >
> > Alternatively, you could create a signing cert with a long
> > End Date and use that to sign your cert. If the clients have
> > a copy of your cert, just give them a copy of your signig
> > cert to use as the CA for your TN3270 cert.
> >
> > --
> > Richard
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> > Search the archives at http://bama.ua.edu/archives/ibm-main.html
> >
>
>
>
> --
> Mark Pace
> Mainline Information Systems
> 1700 Summit Lake Drive
> Tallahassee, FL. 32317
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>
--
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
