Matt.
As far as I know RACF cannot import from a z/os unix file. It has to be VB. I
think there is an RFE/Idea requesting unix file support.
Also you said that the source file is ISO 8859-1 which suggests to me that is
base-64 encoded. If so you will see “—— BEGIN” near the start and a similar
END. In that case you must transfer in text mode rather than binary. The
alternative format supported by RACF is DER - that has to be transferred in
binary. RACF recognises the format - you do not need to tell it if it is DER or
BASE64.
I also understand that if the package contains a personal certificate and its
chain of CA certificates RACF will
Only import the first of the CA certificates.
Personally I use the RACF panels for one-off functions like this - I seem to
get more useful error messages.
Keith
> On 5 May 2023, at 10:34, Michael Babcock <bigironp...@gmail.com> wrote:
>
> Before trying to add it to RACF use the RACDCERT CHECKCERT command. Off
> the top of my head, I think it’s RACDCERT CHECKCERT(‘dataset-name’). I
> always use that before adding a cert to RACF. And if there is a password
> on the cert add PASSWORD(‘password’) to the command. Mind the quotes on
> both parms.
>
>> On Thu, May 4, 2023 at 10:26 PM Matt Hogstrom <m...@hogstrom.org> wrote:
>>
>> I’m at 240 VB but I’ll try pulling it in …
>>
>> I was hoping to find a roadmap that would help out. Seems like there are
>> a number of variables in terms of how certs are delivered, how they get
>> uploaded, what encodings are used, etc. At the end of the day I’d like to
>> get this documented to save the next guy a pile of work.
>>
>>
>> Matt Hogstrom
>>>> On May 4, 2023, at 10:52 PM, Peter Vels <peter.v...@gmail.com> wrote:
>>>
>>> It could be that your data set attributes aren't quite right. Try
>> something
>>> like LRECL=84, RECFM=VB.
>>>
>>>> On Fri, 5 May 2023 at 11:49, Matt Hogstrom <m...@hogstrom.org> wrote:
>>>
>>>> I’m attempting to import an x.509 cert for TLS. The certificate is
>> valid
>>>> and originates on a distributed system. I have the cert and the private
>>>> key. I’m trying to import the cert into RACF. I’ve tried creating a
>> pfx
>>>> file (pkcs12) as well as importing the text based certs individually.
>> Each
>>>> time I try I end up with an error. The below was my attempt to import
>> the
>>>> DigiCertCA against which my certificate was created. I admit this is
>> not
>>>> my area of speciality so I suspect I’m doing something stupid. Here is
>> the
>>>> ADD command.
>>>>
>>>> RACDCERT ADD(IBMUSER.CERT.DIGICERT) CERTAUTH TRUST
>>>> WITHLABEL('DigiCertCA’)
>>>>
>>>> IRRD103I An error was encountered processing the specified input data
>>>> set.
>>>>
>>>> The certificate is in ISO8859-1 on my Mac and I transfer it to USS as
>>>> binary and tag is as ISO8859-1.
>>>>
>>>> Anyone have a workflow for adding a TLS cert ? The IBM documentation
>> is
>>>> accurate I’m sure but not helpful.
>>>>
>>>>
>>>> Matt Hogstrom
>>>>
>>>> “It may be cognitive, but, it ain’t intuitive."
>>>> — Hogstrom
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>> For IBM-MAIN subscribe / signoff / archive access instructions,
>>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>>>
>>>
>>> ----------------------------------------------------------------------
>>> For IBM-MAIN subscribe / signoff / archive access instructions,
>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
>>
>> ----------------------------------------------------------------------
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
> --
> Michael Babcock
> OneMain Financial
> z/OS Systems Programmer, Lead
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
