Phil,

The STIG does not allow a USS keystore.
ITschak

Itschak Mugzach | Director | SecuriTeam Software | IronSphere Platform | Information Security Continuous Monitoring for Z/OS, zLinux and IBM I | Email: i_mugz...@securiteam.co.il | Mob: +972 522 986404 | Skype: ItschakMugzach | Web: www.Securiteam.co.il

On Wed, 17 Jan 2024 at 22:47, Phil Smith III <li...@akphs.com> wrote:

> If you mean certificates for TLS, the USS gskkyman utility is great for
> testing/verification. Nothing wrong with it for production, but most sites
> in my experience are happier with the certs in SAF (RACF/ACF2/TSS) for
> production. The beauty of gskkyman is that it's isolated AND discrete. With
> SAF you can screw other folks up and/or think you have it working correctly
> when you don't. With gskkyman you can create a database containing just the
> certificate(s) you think you need and verify that they work, then move them
> to SAF.
>
> gskkyman operates via a series of prompts, so it's pretty easy to use:
>
> * Get the certificate in a USS file, preferably as a Base64-encoded
>   file (doesn't have to be, just easier to say "Yep, that looks like a
>   certificate")
> * Go into gskkyman and import it
> * Point the application truststore at the gskkyman database and test
>
> Obviously I'm making a bunch of assumptions about what you're doing in the
> above, so none of it may apply.
>
> ...phsiii
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN