Matt. As far as I know RACF cannot import from a z/os unix file. It has to be VB. I think there is an RFE/Idea requesting unix file support.
Also you said that the source file is ISO 8859-1 which suggests to me that is base-64 encoded. If so you will see “—— BEGIN” near the start and a similar END. In that case you must transfer in text mode rather than binary. The alternative format supported by RACF is DER - that has to be transferred in binary. RACF recognises the format - you do not need to tell it if it is DER or BASE64. I also understand that if the package contains a personal certificate and its chain of CA certificates RACF will Only import the first of the CA certificates. Personally I use the RACF panels for one-off functions like this - I seem to get more useful error messages. Keith > On 5 May 2023, at 10:34, Michael Babcock <bigironp...@gmail.com> wrote: > > Before trying to add it to RACF use the RACDCERT CHECKCERT command. Off > the top of my head, I think it’s RACDCERT CHECKCERT(‘dataset-name’). I > always use that before adding a cert to RACF. And if there is a password > on the cert add PASSWORD(‘password’) to the command. Mind the quotes on > both parms. > >> On Thu, May 4, 2023 at 10:26 PM Matt Hogstrom <m...@hogstrom.org> wrote: >> >> I’m at 240 VB but I’ll try pulling it in … >> >> I was hoping to find a roadmap that would help out. Seems like there are >> a number of variables in terms of how certs are delivered, how they get >> uploaded, what encodings are used, etc. At the end of the day I’d like to >> get this documented to save the next guy a pile of work. >> >> >> Matt Hogstrom >>>> On May 4, 2023, at 10:52 PM, Peter Vels <peter.v...@gmail.com> wrote: >>> >>> It could be that your data set attributes aren't quite right. Try >> something >>> like LRECL=84, RECFM=VB. >>> >>>> On Fri, 5 May 2023 at 11:49, Matt Hogstrom <m...@hogstrom.org> wrote: >>> >>>> I’m attempting to import an x.509 cert for TLS. The certificate is >> valid >>>> and originates on a distributed system. I have the cert and the private >>>> key. I’m trying to import the cert into RACF. I’ve tried creating a >> pfx >>>> file (pkcs12) as well as importing the text based certs individually. >> Each >>>> time I try I end up with an error. The below was my attempt to import >> the >>>> DigiCertCA against which my certificate was created. I admit this is >> not >>>> my area of speciality so I suspect I’m doing something stupid. Here is >> the >>>> ADD command. >>>> >>>> RACDCERT ADD(IBMUSER.CERT.DIGICERT) CERTAUTH TRUST >>>> WITHLABEL('DigiCertCA’) >>>> >>>> IRRD103I An error was encountered processing the specified input data >>>> set. >>>> >>>> The certificate is in ISO8859-1 on my Mac and I transfer it to USS as >>>> binary and tag is as ISO8859-1. >>>> >>>> Anyone have a workflow for adding a TLS cert ? The IBM documentation >> is >>>> accurate I’m sure but not helpful. >>>> >>>> >>>> Matt Hogstrom >>>> >>>> “It may be cognitive, but, it ain’t intuitive." >>>> — Hogstrom >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> For IBM-MAIN subscribe / signoff / archive access instructions, >>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >>>> >>> >>> ---------------------------------------------------------------------- >>> For IBM-MAIN subscribe / signoff / archive access instructions, >>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> > -- > Michael Babcock > OneMain Financial > z/OS Systems Programmer, Lead > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN