Re: RACF CERT LABEL0000001
Use openssl and separate the certs. That way you can assign a label for each. Rob On Sat, Aug 15, 2020, 06:28 Lizette Koehler wrote: > If you were not aware there is a RACF List that might be helpful with this > question > > To join, if you have not done so, > > RACFhttp://www.listserv.uga.edu/archives/racf-l.html > > Lizette > > > -Original Message- > From: IBM Mainframe Discussion List On Behalf > Of Matt Martin > Sent: Friday, August 14, 2020 11:53 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: RACF CERT LABEL001 > > RACF digital certificates have a LABEL, up to 32 characters. I'm trying > to avoid adding a cert and getting one or more LABEL certs. For > example, a CHECKCERT on a z/OS dataset shows three certs, each not showing > a label, chain is complete. My experience is when I add 'the' cert file to > RACF, it will successfully add the top cert, and also add the other two > certificates, typically intermediate and root 'signing' certs, with labels > LABEL naming convention. That is not what I desire, so I delete > the two new LABEL, if I catch it. If not, I have clutter. > > My experience is I run one RACDCERT ADD, I get three, the other two are > junk. Is there a conventional RACF method to just add the desired > certificate? Not the others in the chain? Push back to cert file provider > to have ONLY one cert in the z/OS dataset? Continue to catch the two > junk/clutter certs and delete after the single ADD? Something else/better? > > Thanks... - Matt > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: RACF CERT LABEL0000001
If you were not aware there is a RACF List that might be helpful with this question To join, if you have not done so, RACFhttp://www.listserv.uga.edu/archives/racf-l.html Lizette -Original Message- From: IBM Mainframe Discussion List On Behalf Of Matt Martin Sent: Friday, August 14, 2020 11:53 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: RACF CERT LABEL001 RACF digital certificates have a LABEL, up to 32 characters. I'm trying to avoid adding a cert and getting one or more LABEL certs. For example, a CHECKCERT on a z/OS dataset shows three certs, each not showing a label, chain is complete. My experience is when I add 'the' cert file to RACF, it will successfully add the top cert, and also add the other two certificates, typically intermediate and root 'signing' certs, with labels LABEL naming convention. That is not what I desire, so I delete the two new LABEL, if I catch it. If not, I have clutter. My experience is I run one RACDCERT ADD, I get three, the other two are junk. Is there a conventional RACF method to just add the desired certificate? Not the others in the chain? Push back to cert file provider to have ONLY one cert in the z/OS dataset? Continue to catch the two junk/clutter certs and delete after the single ADD? Something else/better? Thanks... - Matt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
RACF CERT LABEL0000001
RACF digital certificates have a LABEL, up to 32 characters. I'm trying to avoid adding a cert and getting one or more LABEL certs. For example, a CHECKCERT on a z/OS dataset shows three certs, each not showing a label, chain is complete. My experience is when I add 'the' cert file to RACF, it will successfully add the top cert, and also add the other two certificates, typically intermediate and root 'signing' certs, with labels LABEL naming convention. That is not what I desire, so I delete the two new LABEL, if I catch it. If not, I have clutter. My experience is I run one RACDCERT ADD, I get three, the other two are junk. Is there a conventional RACF method to just add the desired certificate? Not the others in the chain? Push back to cert file provider to have ONLY one cert in the z/OS dataset? Continue to catch the two junk/clutter certs and delete after the single ADD? Something else/better? Thanks... - Matt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
