So I am no expert when it comes to certificates, so maybe someone can shed 
some light for me.

By default z/OSMF is configured with a CA or ZOSMFCA label. That doesn't 
work, or maybe doesn't seem to work, for me. I can generate a client 
certificate from it and download it to my PC, but it will never establish an 
SSL TLS 1.2 connection. I also don't have admin rights, so even if I could it 
would only be for me, at least I think.

So my corporate network team gave me a root and immediate CA and then 
generated a client certificate for me.

I imported them to RACF as trusted and built my z/OSMF key ring off those, 
which seemed to work...

However, now I am getting:

[ERROR   ] CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN 
CN=xxx.xxx.xxx.xxx my IP
The signer might need to be added to local trust store 
safkeyringhybrid://IZUSVR/IZUKeyring.IZUDFLT, located in SSL configuration 
alias izuSSLConfig.
The extended error message from the SSL handshake exception is: PKIX path 
building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to 
find valid certification path to requested target.

Which I guess makes sense because my network team gave me all the certs. But 
is there a way to resolve this so all users get a TLS 1.2 https connection?

Ms Terri E Shaffer
Senior Systems Engineer,
z/OS Support:
ACIWorldwide - Telecommuter
H(412-766-2697) C(412-519-2592)
terri.shaf...@aciworldwide.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN