If you have not done so, the RACF List may also be able to offer suggestions/advice.

To join, go to this URL:
RACF http://www.listserv.uga.edu/archives/racf-l.html

Lizette

> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Gilson Cesar de Oliveira
> Sent: Thursday, May 03, 2018 4:21 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Self Signed Certificate - Import Root Chain
>
> Dear list:
>
> I'd like to hear from this group, which way we have to follow in order to
> add in RACF the root chain from external partners that have encrypted
> connections but using self signed certificate.
>
> I will describe the three ways we have imported the root chain:
>
> 1- Add the certificate with "Certificate Owner" = CERTAUTH and the CONNECT
> with the option USAGE=CERTAUTH.
>
>    RACDCERT CERTAUTH ADD('DSN.ROOT') +
>      WITHLABEL('External Root') TRUST
>    RACDCERT CONNECT(CERTAUTH LABEL('External Root') +
>      RING(RingName) USAGE(CERTAUTH)) ID(userid)
>
> 2- Add the certificate with "Certificate Owner" = userid and the CONNECT with
> the option USAGE=PERSONAL.
>
>    RACDCERT ID(userid) +
>      ADD('DSN.ROOT') +
>      WITHLABEL('External Root') +
>      TRUST
>    RACDCERT ID(userid) CONNECT(LABEL('External Root') +
>      RING(RingName) USAGE(PERSONAL))
>
> 3- Add the certificate with "Certificate Owner" = userid and the CONNECT with
> the option USAGE=CERTAUTH
>
>    RACDCERT ID(userid) +
>      ADD('DSN.ROOT') +
>      WITHLABEL('External Root') +
>      TRUST
>    RACDCERT ID(userid) CONNECT(LABEL('External Root') +
>      RING(RingName) USAGE(CERTAUTH))
>
> All the options we have tested worked fine but I'd like to know if there is a
> standard way to add/import the certificate.
> If the certificate is from an external CA like Symantec, Digicert, Certisign,
> etc. the process is the same or do we have to follow another way to import
> the root chain certificate?
>
> Thanks in advance for any help.
>
> Regards,
>
> Gilson Cesar