Before trying to add it to RACF use the RACDCERT CHECKCERT command. Off the top of my head, I think it’s RACDCERT CHECKCERT(‘dataset-name’). I always use that before adding a cert to RACF. And if there is a password on the cert add PASSWORD(‘password’) to the command. Mind the quotes on both parms.
On Thu, May 4, 2023 at 10:26 PM Matt Hogstrom <m...@hogstrom.org> wrote: > I’m at 240 VB but I’ll try pulling it in … > > I was hoping to find a roadmap that would help out. Seems like there are > a number of variables in terms of how certs are delivered, how they get > uploaded, what encodings are used, etc. At the end of the day I’d like to > get this documented to save the next guy a pile of work. > > > Matt Hogstrom > > On May 4, 2023, at 10:52 PM, Peter Vels <peter.v...@gmail.com> wrote: > > > > It could be that your data set attributes aren't quite right. Try > something > > like LRECL=84, RECFM=VB. > > > > On Fri, 5 May 2023 at 11:49, Matt Hogstrom <m...@hogstrom.org> wrote: > > > >> I’m attempting to import an x.509 cert for TLS. The certificate is > valid > >> and originates on a distributed system. I have the cert and the private > >> key. I’m trying to import the cert into RACF. I’ve tried creating a > pfx > >> file (pkcs12) as well as importing the text based certs individually. > Each > >> time I try I end up with an error. The below was my attempt to import > the > >> DigiCertCA against which my certificate was created. I admit this is > not > >> my area of speciality so I suspect I’m doing something stupid. Here is > the > >> ADD command. > >> > >> RACDCERT ADD(IBMUSER.CERT.DIGICERT) CERTAUTH TRUST > >> WITHLABEL('DigiCertCA’) > >> > >> IRRD103I An error was encountered processing the specified input data > >> set. > >> > >> The certificate is in ISO8859-1 on my Mac and I transfer it to USS as > >> binary and tag is as ISO8859-1. > >> > >> Anyone have a workflow for adding a TLS cert ? The IBM documentation > is > >> accurate I’m sure but not helpful. > >> > >> > >> Matt Hogstrom > >> > >> “It may be cognitive, but, it ain’t intuitive." > >> — Hogstrom > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Michael Babcock OneMain Financial z/OS Systems Programmer, Lead ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN