NO - you must take some action
I'm assuming you don't name a certificate label in your AT-TLS policy and are
using the default cert on the keyring for a TCP server.
• Mark the new one as default on the keyring
• Refresh PAGENT
• To be sure trace a new TCPIP connection and verify you're using the
expected new certificate (and CA) - this will avoid surprises if you've missed
a step somewhere
If you do name a cert label in the AT-TLS policy:
• Rename the cert labels (and mark the new one default just in case
something else uses it)
• Or rework the AT-TLS policy to point to the new label
• Refresh PAGENT
Mike Wawiorko
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Brad Wissink
Sent: 02 March 2016 21:23
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: multiple certificates and certificate expiration
We are running AT-TLS and have a keyring with a certifcate that is about to
expire. we have gotten a new certificate and added it to the keyring, but not
as the default. The question I have is if we leave the old certificate in the
keyring as the default, when it expires will AT-TLS start using the new
certificate even thought it is not marked as the default?
--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@listserv.ua.edu<mailto:lists...@listserv.ua.edu> with the message:
INFO IBM-MAIN
This e-mail and any attachments are confidential and intended solely for the
addressee and may also be privileged or exempt from disclosure under applicable
law. If you are not the addressee, or have received this e-mail in error,
please notify the sender immediately, delete it from your system and do not
copy, disclose or otherwise act upon any part of this e-mail or its attachments.
Internet communications are not guaranteed to be secure or virus-free. The
Barclays Group does not accept responsibility for any loss arising from
unauthorised access to, or interference with, any Internet communications by
any third party, or from the transmission of any viruses. Replies to this
e-mail may be monitored by the Barclays Group for operational or business
reasons.
Any opinion or other information in this e-mail or its attachments that does
not relate to the business of the Barclays Group is personal to the sender and
is not given or endorsed by the Barclays Group.
Barclays Bank PLC. Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
Barclays Bank PLC is authorised by the Prudential Regulation Authority and
regulated by the Financial Conduct Authority and the Prudential Regulation
Authority (Financial Services Register No. 122702).
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN