Re: Self Signed Certificate - Import Root Chain

Thu, 03 May 2018 06:27:07 -0700 

If you have not done so, the RACF List may also be able to offer 
suggestions/advice

To join, go to this URL

RACF    http://www.listserv.uga.edu/archives/racf-l.html

Lizette


> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of
> Gilson Cesar de Oliveira
> Sent: Thursday, May 03, 2018 4:21 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Self Signed Certificate - Import Root Chain
> 
> Dear list:
> 
>   I'd like to hear from this group, which way we have to follow in order to
> add in RACF the root chain from external partners that have encrypted
> connections but using self signed certificate.
> 
>   I will describe the three ways we have imported the root chain:
> 
> 
> 
> 1- Add the certificate with "Certificate Owner" = CERTAUTH  and the CONNECT
> with the option USAGE=CERTAUTH.
> 
> RACDCERT CERTAUTH ADD('DSN.ROOT') +
>          WITHLABEL('External Root') TRUST
> RACDCERT CONNECT(CERTAUTH LABEL('External Root') +
>          RING(RingName) USAGE(CERTAUTH)) ID(userid)
> 
> 
> 
> 2-Add the certificate with "Certificate Owner" = userid and the CONNECT with
> the option USAGE=PERSONAL.
> 
> RACDCERT ID(userid) +
>          ADD('DSN.ROOT')     +
>          WITHLABEL('External Root')  +
>          TRUST
> RACDCERT ID(userid) CONNECT(LABEL('External Root')    +
>          RING(RingName) USAGE(PERSONAL))
> 
> 
> 
> 3- Add the certificate with "Certificate Owner" = userid and the CONNECT with
> the option USAGE=CERTAUTH
> 
> RACDCERT ID(userid) +
>          ADD('DSN.ROOT')     +
>          WITHLABEL('External Root')  +
>          TRUST
> RACDCERT ID(userid) CONNECT(LABEL('External Root')    +
>          RING(RingName) USAGE(CERTAUTH))
> 
> All the options we have tested worked fine but I'd like to know if there is a
> standard way to add/import the   certificate.
> If the certificate is from an external CA like Symantec, Digicert, Certisign,
> etc. the process is the same or do we have to follow another way to import
> the root chain certificate ?
> 
>  Thanks in advance for any help.
> 
>  Regards,
> 
>  Gilson Cesar
> 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to