Re: RPMs for installs and Maint: [WAS SMP/E needed for installs?]

[Seymour J Metz]

It is common for documentation to be in a separate package from the code. SMP 
provided documentation normally has the same FMID as the code. 

If you want an equivalence with SMP rather than just parallel roles, then you 
really need to factor in, e.g, cvs, svn, git.


From: IBM Mainframe Discussion List  on behalf of 
Joel C. Ewing 
Sent: Saturday, August 26, 2023 12:32 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: RPMs for installs and Maint: [WAS SMP/E needed for installs?]

Tthere isn't really any direct equivalence between RPM and SMP/E
concepts of maintenance.

Since a large Linux application (like LibreOffice) may be packaged as
several interdependent packages, in that sense a package is similar to
an FMID of a z/OS product; but the number of pieces/files contained in a
package tends to vary more widely than for z/OS products, in some cases
containing very few files.  I expect the average Linux package contains
many fewer elements than the typical z/OS product, so replacing the
whole thing is not that big of a deal.  The Linux systems I have seen
also have many more packages installed than the typical number of FMIDs
on a z/OS system.

It is true that a package update must replace an entire package, not
just changed sub components of a package; but new release levels of a
package also occur with much greater frequency than new versions or
release levels of a z/OS product.  A new release level of a package
typically contains a number of code fixes, and in that respect is more
like a z/OS PTF that fixes multiple APARS.  While all components of an
updated package are re-installed, it is also true that current RPM
download protocols also support just downloading the RPM delta from the
previous package level if only a small part of a large package RPM file
has changed.

You can back out a package update by re-installing a previous package
level, just like you can back out a z/OS PTF that fixes multiple APARs
-- the dependency requirements are simpler to resolve when there are
only package-level dependencies to consider.

The frequency of occurrence of new package releases with minor changes
definitely entitles this to be called a maintenance process.  That the
same RPM file can be used for new installation or maintenance is a nice
simplification from the user's standpoint.

The decentralized nature of Linux package maintenance and the extremely
large number of combinations of packages that could be present on a
Linux system does tend to make Linux platforms less predictable.  It is
not so much a factor of the complete package replacement strategy
(changes at the source code level may be minor), as that the maintainers
of one package simply cannot test with all other package combinations
and may be unaware of some package combinations that are adversely
affected by their changes.  Linux is more dependent upon their user
community to find non-obvious dependency issues.

 Joel C Ewing

On 8/25/23 20:55, Jon Perryman wrote:
>> On Thursday, August 24, 2023 at 11:57:33 AM PDT, Steve Thompson 
>>  wrote:
>> With Linux distros there are a few maint systems. The one I am
>> most familiar with is RPM.
> Linux (nor Unix) does NOT have any maint systems. P in RPM stands for Package 
> which is the z/OS equivalent of product / component. Complete packages are 
> replaced regardless of the problems you want to fix. Every package has a 
> version number which is indentifies all the maintenance included in that 
> package.
>
>> To me YAST (the Linux equivalent of SMP/E) handles upgrades
> YAST and SMP/e have nothing in common. YAST tells you it's about installation 
> and configuration. It's about replacing the entire package and nothing to do 
> with maintaining that package. The M in SMP/e stands for Maintenance. You 
> never see a PTF that is 1MB. The only reason SMP/e installs, is to create a 
> maintenance environment for the product / component. If installation is your 
> only requirement, then use a different tool like IEBCOPY, DFDSS or ???.
>
>> Each product/component has its own main entry and dependencies.
> Unix dependencies are by version number and have nothing to do with the 
> package (product/component) in question. The package is completely replaced. 
> SMP/e dependencies can be for entities within the same function, other 
> functions, PTFs and APARs. A function is the SMP/e equivalent of a Unix 
> package.
>
>> I thought it was a fairly good replacement for SMP/E for the
>> Linux side of things.
>> I can see how it could be used to do z/OS and related.
> YAST, RPM and other Unix package installers are unacceptable replacements for 
> SMP/e. Name 1 z/OS customer that is willing to risk reinstalling an entire 
> product/component because they need 1 PTF. Add to that cascading product 
> installs because of dependencies. Worse than that, testing must include 
> everything that changed in those installs and every product/component that 
> interacts with all 

Re: "XYZZY"?

[Bob Bridges]

I didn't think of PLUGH.  I just pronounce that "ploo".

Anybody here ever figure out what to do with "Hello, sailor!"?  I never did,
but a friend of mine told me where it's valid.

(Oh, "5-syllable pronunciation"!  I get it now!)

---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313

/* Keep them watching their own minds and trying to produce ~feelings~ there
by the action of their own wills.  When they meant to ask Him for charity,
let them, instead, start trying to manufacture charitable feelings for
themselves and not notice that this is what they are doing.  When they meant
to pray for courage, let them really be trying to feel brave.  When they say
they are praying for forgiveness, let them be trying to feel forgiven.
Teach them to estimate the value of each prayer by their success in
producing the desired feeling; and never let them suspect how much success
or failure of that kind depends on whether they are well or ill, fresh or
tired, at the moment.  -advice to a tempter from The Screwtape Letters by C
S Lewis */

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of
David L. Craig
Sent: Sunday, August 27, 2023 11:42

The only way I could ever get it to work was to spell it out, so I've always
pronounced it ex-why-zee-zee-why.
Plugh also had to be spelled out, but it's pronunciation was much less
enigmatic.

--- On 23Aug27:0159-0400, David Cole wrote:
> For 50 years, I've always used the five syllable pronunciation.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: "XYZZY"?

[David L. Craig]

On 23Aug27:0159-0400, David Cole wrote:

> For 50 years, I've always used the five syllable pronunciation.

The only way I could ever get it to work was to spell it
out, so I've always pronounced it ex-why-zee-zee-why.
Plugh also had to be spelled out, but it's pronunciation
was much less enigmatic.
-- 

May the LORD God bless you exceedingly abundantly!

Dave_Craig__
"So the universe is not quite as you thought it was.
 You'd better rearrange your beliefs, then.
 Because you certainly can't rearrange the universe."
__--from_Nightfall_by_Asimov/Silverberg_

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: "XYZZY"?

[Seymour J Metz]

Do you have an online image of the caed? URL?


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
Brian Westerman [brian_wester...@syzygyinc.com]
Sent: Saturday, August 26, 2023 5:33 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: "XYZZY"?

Some people say Syz-R-gy.  Actually mostly people from the East coast do that.  
On the west cost they typically call us "SYN-R-GY'.  Once they hear me say it a 
couple times, they tend to at least get a little closer.

We used to have a little pronunciation area on our cards just after the big red 
and black SYZYGY, but thankfully they stopped doing that when we went to the 
light up and then the current (sort of) 3-D hologram cards.  It's actually kind 
of funny because the background of the cards is an old fashion system dump that 
has the hex characters that spell out 'If you used Syzygy, this dump would 
never have happened'.  Most people look at the right hand side of the dump and 
think that the hex characters on the left are being spelled out as something 
completely different than it actually states.

Only one person has caught the discrepancy, and I think he was drunk at that 
time.

Brian

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: A curosity question about IHAETD macro

[Peter Relson]

I'm afraid that the curious will have to remain curious.

This is not part of the programming interface; no relevant further information 
is available or likely to be made available.
I'm sure you can figure out that the bit is set by the RECORD keyword of ETDEF. 
That is commented in the macro as "internal use only".

Nothing can stop a suitably authorized program from doing whatever it wants. So 
of course a program "can" set the bit. It is expected not to do so. It would be 
taking its own risk and imposing risk on the entire system in doing so.

Peter Relson
z/OS Core Technology Design


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

CBT Usermod Collection for ISPF (CUCI) V1R8 RELEASED!

[Tom Conley]

FYI,

I'm pleased to announce Version 1 Release 8 of the CBT Usermods
Collection for ISPF (CUCI), available at
https://www.cbttape.org/ftp/updates/CBT967.zip.
If you want EDIT highlighting for other languages, if you want useful
modifications to ISPF panels, if you want a way to set default ISPF
options that are not in the ISPCCONF dialog, then CUCI is for you!

The major usermods provided by CUCI:

Highlight 20 languages in EDIT not supported by ISPF
USRCCONF dialog to customize ISPF options not included is ISPCCONF
Turn off SUPERUSER when exiting 3.17 or ISHELL
Block deletes in ISPF 3.4 don't stop on VSAM
ISPCMDS changes to enable cd in ISPF 3.17, SF abbreviation for SRCHFOR, 
and other command abbreviations, UDL for UDLIST, DSL for DSLIST, etc.


V1R8 contains the following enhancements (both RFE's and the new z Idea
Portal enhancements are provided in this release) and maintenance items:

Total IBM Ideas delivered to date:  08
Total RFEs delivered to date:  39

IBM Z Hardware and Operating Systems Ideas formerly
satisfied:

ZOS-I-3338 - Please Support SQL (Db2) highlighting in
 ISPF Editor
ZOS-I-2887 - ISPCCONF - Add PF Key Definitions
ZOS-I-2625 - Improve ISPF 3.17 by allowing CD on the
 command line
ZOS-I-2203 - ISPF Edit highlighting for ACS routines
ZOS-I-1679 - ISPF HILITE PLI - keywords missing

Fix issues and add capability to HIGHLITE:

  - Modify PYTHON and JAVA highlighting to work in
    both EBCDIC and ASCII mode.
  - Correct operator strings for JAVA, PYTHON, SHELL,
    and GO, to properly highlight all valid language
    operators.
  - Add Python built-in functions.
  - Correct highlighting errors for SHELL and PYTHON
    by issuing HILITE OFF, and by individually
    highlighting comments, quoted strings, keywords,
    operators, and parens.  By turning off HILITE,
    SHELL and PYTHON highlighting will work for ASCII
    mode highlighting.  Also add code to prevent
    keywords in MSG, NOTE, etc. lines.
  - Create EDIT MACRO exec USREDDEM to process
    HIGHLITE command by removing code from ISREDDE2
    and ISREDDE4.  This also enables automatically
    issuing NULLS ON STD so that CUCI highlighting
    works correctly.

    $HIGHLIT
    $MANHACJ
    ISREDDE2
    ISREDDE4
    UMISRHIJ
    USREDDEM
    USREDDEX
    USRHILIT

Correct issue with ISRUMVC panel no longer working
because ZMMCDSN is not a null value, but instead has
46 x'00' characters.  Create Rexx panel exit USRUMVC
to check for 46 x'00' characters and prime ZMMCDSN
with ZCLDSN.

    ISRUMVC
    UMISRVCJ
    USRUMVC

Add /* rexx */ identifier to the following execs so
that HILITE AUTO will properly highlight these execs:

    USRUDSLI
    USRUDSLP
    USRUUID0

Consolidate all SHARE presentations into a single .zip
member in binary format:

    $SHARZIP
    SHAREZIP
* Thanks to Colin Paice for this suggestion! *

Customizing the ISPF HILITE Command.pdf  - SHARE in San Jose
Conley Bit Bucket CUCI Announcement 2017.pdf - SHARE in Phoenix
ISPF IS DEAD!  LONG LIVE ISPF! 2019.pdf  - SHARE in Pittsburgh
ISPF IS DEAD!  LONG LIVE ISPF! 2020.pdf  - SHARE in Boston
ISPF IS DEAD!  LONG LIVE ISPF! 2021.pdf  - SHARE Webinar
Conley Bit Bucket CUCI Update 2021.pdf   - SHARE Virtual
ISPF IS (NOT) DEAD!  LONG LIVE ISPF!.pdf - SHARE in Columbus

Modify the USERMODS for V2R5.  Support the removal of
the ISPF Client/Server component.  Include comments
for V2R4 elements that still include the Download
pulldown.

    UMBPXISJ
    UMISCLMJ
    UMISPCMJ
    UMISRHIJ
    UMISRPDJ
    UMISRPXJ
    UMISRUDJ
    UMISRUUJ
    UMISRVCJ
    UMUSRCFJ

Remove download pulldown for the following panels at
the V2R5 level:

    ISR@PRIM
    ISREDDE2
    ISREDDE4
    ISRUAASE
    ISRUDSL0
    ISRUUDL0
    ISRUULP

Create panels for V2R4 that still include the Download
pulldown:

    ISR@PR24 (ISR@PRIM)
    ISRED224 (ISREDDE2)
    ISRED424 (ISREDDE4)
    ISRUAA24 (ISRUAASE)
    ISRUDS24 (ISRUDSL0)
    ISRUUD24 (ISRUUDL0)
    ISRUUL24 (ISRUULP)

Update ISPF highlighting module for V2R5 changes:

    ISRPXASM

Update ISHELL components for removal of HFS support:

    BPXWISH
    BPXWP99
    ISH
    ISHELL

Fix packaging error with CUCI V1R7 where two members
were incorrectly left off the distribution.
** Thanks to Colin Paice for reporting this issue! **

    USRHCALN
    USRHFORC

Enhance documentation in the $MANHACK member to
correct the assemble and bind JCL for ISRPX.
** Thanks to Colin Paice for reporting this issue! **

    $MANHACK

Enhance documentation in the $USRCONF member to
add details for allocating the keyword file and
clarify the installation instructions.
** Thanks to Colin Paice for reporting this issue! **

    $USRCONF

Rename $README to $$README so it appears at the top of
the member list.  Add documentation to explain each
usermod and the benefits of applying it.  Also add
documentation to explain that CUCI must be installed
as usermods or into libraries concatenated ahead of
everythi

Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server

[John S. Giltner, Jr.]

If you have OpenSSL installed you can do:

echo DONE |  openssl s_client -connect ipaddress:port | openssl x509 -inform 
pem -noout -text | more 


Which will show you the information for the server cert that is being presented

On Sun, 27 Aug 2023 10:11:43 +0200, Peter Sylvester  
wrote:

>Hi,
>
>curl --verbose https://
>
>may be sufficient
>
>Peter
>
>
>
>On 27/08/2023 09:43, Colin Paice wrote:
>> See Collecting a tcpip packet trace on z/OS.
>> 
>> and how to export it to a wireshark format - which you can then use
>> wireshark to process.
>>
>> On Sun, 27 Aug 2023 at 00:59, Gibney, Dave <
>> 03b5261cfd78-dmarc-requ...@listserv.ua.edu> wrote:
>>
>>> There's a free "wireshark" for z/OS. Something like
>>> NBOS for z/OS
>>>
 -Original Message-
 From: IBM Mainframe Discussion List  On
 Behalf Of Jerry Whitteridge
 Sent: Saturday, August 26, 2023 10:47 AM
 To: IBM-MAIN@LISTSERV.UA.EDU
 Subject: Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a
>>> server
 [EXTERNAL EMAIL]

 Thanks Charles I was just starting to look at if curl would do it.

 This is a TN3270 server on z/OS that I want to check what cert it is
>>> presenting
 to the user for a TLS connection.

 J
 -Original Message-
 From: IBM Mainframe Discussion List  On
 Behalf Of Charles Mills
 Sent: Saturday, August 26, 2023 10:42 AM
 To: IBM-MAIN@LISTSERV.UA.EDU
 Subject: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server

 Well, I wrote a product that does exactly that in a beautiful graphic
>>> fashion and
 is part of NewEra's ICEDirect suite.

 https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furld
 efense.com%2Fv3%2F__https%3A%2F%2Fwww.newera.com%2FINFO%2FIC
 EDirect.pdf__%3B!!JmPEgBY0HMszNaDT!p7XN4J09CBWP5eaGgpdT2VAVnTc
 gOHI66aUmtmicKPvG-
 4oXEGRcKDnH9yb_2KRZQg0s99_3guSOoyqqicnIdvXILxNY%24&data=05%7C
 01%7CGIBNEY%40WSU.EDU%7C0436f4fd6f0d41e45b3608dba65c7453%7C
 b52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638286688235202
 429%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
 MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4NW
 Vk9ZbssYTQSffyGgNsMixH22r32oxKNNzbLUJgCA%3D&reserved=0

 Does that count? 

 For free tools

 1. Is it a Web server? If so most browsers will display the server
>>> certificate and
 the entire chain of trust. Click on the padlock icon next to the URL and
>>> take it
 from there.

 2. Perhaps you can do this with OpenSSL?  I think so but don't know the
 details.

 3. Can you do this with curl? Seems likely but I am not a curl expert.

 Charles

 On Sat, 26 Aug 2023 16:52:46 +, Jerry Whitteridge
  wrote:

> I used to use a java command to check on my certs on the mainframe
>
> keytool -printcert -sslserver :port
>
> but now all I get is a message
>
> XXX:/u/xxx:>keytool -printcert -V -sslserver .yyy.com
> keytool error: java.lang.Exception: No certificate from the SSL server
>
>--
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: "XYZZY"?

[David Spiegel]

Hi David,
Fo'  "shizzy" {;-}->

Regards,
David

On 2023-08-27 01:59, David Cole wrote:

For 50 years, I've always used the five syllable pronunciation.

Dave Cole


At 8/24/2023 05:21 PM, Bob Bridges wrote:

It's only just now occurring to me to wonder:  How should "XYZZY" be
pronounced?  I've always said "KSIZZ-ee", but it occurs to me now 
that there

are other possibilities.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* The thing that most Europeans simply do not grasp is the size of 
the US.
From where I lived in Wiesbaden, Germany, I could drive for six hours 
in any
direction and be in almost any country in Europe -- excepting Spain, 
Greece,
and maybe Norway/Sweden depending on ferry connections.  You can 
drive in

the US for six hours and still be in west Texas.  -Charley Seavey in the
Patrick O'Brian discussion forum
(http://www.wwnorton.com/forums/POB/POBforum.htm), 
May 2000. */

-Original Message-
From: IBM Mainframe Discussion List  On 
Behalf Of

Kurt Quackenbush
Sent: Thursday, August 24, 2023 16:47

> Yes.&whatever. As I wrote before, there's way too much "take this 
job and
find the 27 places that say XYZZY and change them to the right HLQ." 
instead

of
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server

[Peter Sylvester]

Hi,

curl --verbose https://

may be sufficient

Peter



On 27/08/2023 09:43, Colin Paice wrote:

See Collecting a tcpip packet trace on z/OS.

and how to export it to a wireshark format - which you can then use
wireshark to process.

On Sun, 27 Aug 2023 at 00:59, Gibney, Dave <
03b5261cfd78-dmarc-requ...@listserv.ua.edu> wrote:


There's a free "wireshark" for z/OS. Something like
NBOS for z/OS


-Original Message-
From: IBM Mainframe Discussion List  On
Behalf Of Jerry Whitteridge
Sent: Saturday, August 26, 2023 10:47 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a

server

[EXTERNAL EMAIL]

Thanks Charles I was just starting to look at if curl would do it.

This is a TN3270 server on z/OS that I want to check what cert it is

presenting

to the user for a TLS connection.

J
-Original Message-
From: IBM Mainframe Discussion List  On
Behalf Of Charles Mills
Sent: Saturday, August 26, 2023 10:42 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server

Well, I wrote a product that does exactly that in a beautiful graphic

fashion and

is part of NewEra's ICEDirect suite.

https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furld
efense.com%2Fv3%2F__https%3A%2F%2Fwww.newera.com%2FINFO%2FIC
EDirect.pdf__%3B!!JmPEgBY0HMszNaDT!p7XN4J09CBWP5eaGgpdT2VAVnTc
gOHI66aUmtmicKPvG-
4oXEGRcKDnH9yb_2KRZQg0s99_3guSOoyqqicnIdvXILxNY%24&data=05%7C
01%7CGIBNEY%40WSU.EDU%7C0436f4fd6f0d41e45b3608dba65c7453%7C
b52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638286688235202
429%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4NW
Vk9ZbssYTQSffyGgNsMixH22r32oxKNNzbLUJgCA%3D&reserved=0

Does that count? 

For free tools

1. Is it a Web server? If so most browsers will display the server

certificate and

the entire chain of trust. Click on the padlock icon next to the URL and

take it

from there.

2. Perhaps you can do this with OpenSSL?  I think so but don't know the
details.

3. Can you do this with curl? Seems likely but I am not a curl expert.

Charles

On Sat, 26 Aug 2023 16:52:46 +, Jerry Whitteridge
 wrote:


I used to use a java command to check on my certs on the mainframe

keytool -printcert -sslserver :port

but now all I get is a message

XXX:/u/xxx:>keytool -printcert -V -sslserver .yyy.com
keytool error: java.lang.Exception: No certificate from the SSL server


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server

[Colin Paice]

See Collecting a tcpip packet trace on z/OS.

and how to export it to a wireshark format - which you can then use
wireshark to process.

On Sun, 27 Aug 2023 at 00:59, Gibney, Dave <
03b5261cfd78-dmarc-requ...@listserv.ua.edu> wrote:

> There's a free "wireshark" for z/OS. Something like
> NBOS for z/OS
>
> > -Original Message-
> > From: IBM Mainframe Discussion List  On
> > Behalf Of Jerry Whitteridge
> > Sent: Saturday, August 26, 2023 10:47 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a
> server
> >
> > [EXTERNAL EMAIL]
> >
> > Thanks Charles I was just starting to look at if curl would do it.
> >
> > This is a TN3270 server on z/OS that I want to check what cert it is
> presenting
> > to the user for a TLS connection.
> >
> > J
> > -Original Message-
> > From: IBM Mainframe Discussion List  On
> > Behalf Of Charles Mills
> > Sent: Saturday, August 26, 2023 10:42 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server
> >
> > Well, I wrote a product that does exactly that in a beautiful graphic
> fashion and
> > is part of NewEra's ICEDirect suite.
> >
> > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furld
> > efense.com%2Fv3%2F__https%3A%2F%2Fwww.newera.com%2FINFO%2FIC
> > EDirect.pdf__%3B!!JmPEgBY0HMszNaDT!p7XN4J09CBWP5eaGgpdT2VAVnTc
> > gOHI66aUmtmicKPvG-
> > 4oXEGRcKDnH9yb_2KRZQg0s99_3guSOoyqqicnIdvXILxNY%24&data=05%7C
> > 01%7CGIBNEY%40WSU.EDU%7C0436f4fd6f0d41e45b3608dba65c7453%7C
> > b52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638286688235202
> > 429%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
> > MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4NW
> > Vk9ZbssYTQSffyGgNsMixH22r32oxKNNzbLUJgCA%3D&reserved=0
> >
> > Does that count? 
> >
> > For free tools
> >
> > 1. Is it a Web server? If so most browsers will display the server
> certificate and
> > the entire chain of trust. Click on the padlock icon next to the URL and
> take it
> > from there.
> >
> > 2. Perhaps you can do this with OpenSSL?  I think so but don't know the
> > details.
> >
> > 3. Can you do this with curl? Seems likely but I am not a curl expert.
> >
> > Charles
> >
> > On Sat, 26 Aug 2023 16:52:46 +, Jerry Whitteridge
> >  wrote:
> >
> > >I used to use a java command to check on my certs on the mainframe
> > >
> > >keytool -printcert -sslserver :port
> > >
> > >but now all I get is a message
> > >
> > >XXX:/u/xxx:>keytool -printcert -V -sslserver .yyy.com
> > >keytool error: java.lang.Exception: No certificate from the SSL server
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to
> > lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > 
> >  Warning: All e-mail sent to this address will be received by the
> corporate e-
> > mail system, and is subject to archival and review by someone other than
> the
> > recipient. This e-mail may contain proprietary information and is
> intended only
> > for the use of the intended recipient(s). If the reader of this message
> is not the
> > intended recipient(s), you are notified that you have received this
> message in
> > error and that any review, dissemination, distribution or copying of this
> > message is strictly prohibited. If you have received this message in
> error,
> > please notify the sender immediately.
> > 
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to
> > lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN