Matt,
I had a similar problem. Make sure you do not have the file open anywhere
else .. I think RACF takes an exclusive lock on it
I had a problem with the v3 version of openssl - the format of the binary
file was changed, and I think RACF did not support it. Try shipping it as
a .pem file.
For example colin.cert..pesm starts with
-----BEGIN CERTIFICATE-----
MIIDYzCCAkugAwIBAgIBVDANBgkqhkiG9w0BAQsFADBFMQ0wCwYDVQQKEwRURU1Q
....
Colin
On Fri, 5 May 2023 at 02:49, Matt Hogstrom <m...@hogstrom.org> wrote:
> I’m attempting to import an x.509 cert for TLS. The certificate is valid
> and originates on a distributed system. I have the cert and the private
> key. I’m trying to import the cert into RACF. I’ve tried creating a pfx
> file (pkcs12) as well as importing the text based certs individually. Each
> time I try I end up with an error. The below was my attempt to import the
> DigiCertCA against which my certificate was created. I admit this is not
> my area of speciality so I suspect I’m doing something stupid. Here is the
> ADD command.
>
> RACDCERT ADD(IBMUSER.CERT.DIGICERT) CERTAUTH TRUST
> WITHLABEL('DigiCertCA’)
>
> IRRD103I An error was encountered processing the specified input data
> set.
>
> The certificate is in ISO8859-1 on my Mac and I transfer it to USS as
> binary and tag is as ISO8859-1.
>
> Anyone have a workflow for adding a TLS cert ? The IBM documentation is
> accurate I’m sure but not helpful.
>
>
> Matt Hogstrom
>
> “It may be cognitive, but, it ain’t intuitive."
> — Hogstrom
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
