Before trying to add it to RACF use the RACDCERT CHECKCERT command. Off
the top of my head, I think it’s RACDCERT CHECKCERT(‘dataset-name’). I
always use that before adding a cert to RACF. And if there is a password
on the cert add PASSWORD(‘password’) to the command. Mind the quotes on
both parms.
On Thu, May 4, 2023 at 10:26 PM Matt Hogstrom <m...@hogstrom.org> wrote:
> I’m at 240 VB but I’ll try pulling it in …
>
> I was hoping to find a roadmap that would help out. Seems like there are
> a number of variables in terms of how certs are delivered, how they get
> uploaded, what encodings are used, etc. At the end of the day I’d like to
> get this documented to save the next guy a pile of work.
>
>
> Matt Hogstrom
> > On May 4, 2023, at 10:52 PM, Peter Vels <peter.v...@gmail.com> wrote:
> >
> > It could be that your data set attributes aren't quite right. Try
> something
> > like LRECL=84, RECFM=VB.
> >
> > On Fri, 5 May 2023 at 11:49, Matt Hogstrom <m...@hogstrom.org> wrote:
> >
> >> I’m attempting to import an x.509 cert for TLS. The certificate is
> valid
> >> and originates on a distributed system. I have the cert and the private
> >> key. I’m trying to import the cert into RACF. I’ve tried creating a
> pfx
> >> file (pkcs12) as well as importing the text based certs individually.
> Each
> >> time I try I end up with an error. The below was my attempt to import
> the
> >> DigiCertCA against which my certificate was created. I admit this is
> not
> >> my area of speciality so I suspect I’m doing something stupid. Here is
> the
> >> ADD command.
> >>
> >> RACDCERT ADD(IBMUSER.CERT.DIGICERT) CERTAUTH TRUST
> >> WITHLABEL('DigiCertCA’)
> >>
> >> IRRD103I An error was encountered processing the specified input data
> >> set.
> >>
> >> The certificate is in ISO8859-1 on my Mac and I transfer it to USS as
> >> binary and tag is as ISO8859-1.
> >>
> >> Anyone have a workflow for adding a TLS cert ? The IBM documentation
> is
> >> accurate I’m sure but not helpful.
> >>
> >>
> >> Matt Hogstrom
> >>
> >> “It may be cognitive, but, it ain’t intuitive."
> >> — Hogstrom
> >>
> >>
> >> ----------------------------------------------------------------------
> >> For IBM-MAIN subscribe / signoff / archive access instructions,
> >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >>
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
--
Michael Babcock
OneMain Financial
z/OS Systems Programmer, Lead
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
