For the validation process, I would agree that putting the whole cert chain in
the server side's keyring is a better approach so that the client side only
needs to have the root certificate in its keyring. It is simpler and it can
avoid the scenario if the client has an expired intermediate
Don Grinsell wrote:
>In my experience (ACF2) intermediate certs are also inserted using
CERTAUTH. Essentially anything in the certificate chain for a SITECERT or
USER cert is a CERTAUTH item.
As I read and learn more about this, I'm convinced that the above is
incorrect. My understanding is
: CERTAUTH vs SITE vs user certificate
Actually with RDATALIB, you should be able to share a cert with multiple
regions as well without using SITE.
Rob Schramm
On Wed, Jul 27, 2016, 12:01 PM Ward, Mike S <mw...@ssfcu.org> wrote:
> I know that a site certificate can b e shared by many CIC
4, 2016 1:02 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: CERTAUTH vs SITE vs user certificate
>
> I've never understood how you choose between adding a certificate as
> CERTAUTH, SITE, or user. And not having a lot of luck Googling for it. Can
> anyone describe the choice, o
@LISTSERV.UA.EDU] On Behalf
Of Phil Smith III
Sent: Thursday, July 14, 2016 1:02 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: CERTAUTH vs SITE vs user certificate
I've never understood how you choose between adding a certificate as CERTAUTH,
SITE, or user. And not having a lot of luck Googling
If you have not done so, and you would like to join the RACF List, use this url
RACFhttp://www.listserv.uga.edu/archives/racf-l.html
Lizette
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
In RACF:
1. Only Certificate Authority(CA) certificate SHOULD issue certificates for
others - for a user, for a server, for another CA.
2. For a self-signed CA certificate, we call it a root certificate.
3. A CA certificate signed by another CA is called an intermediate CA.
4. CA
@LISTSERV.UA.EDU
Subject: Re: CERTAUTH vs SITE vs user certificate
>So:
>CERTAUTH - root certs
>SITE - server leaf certs (and intermediates?)
>User - certs used to authenticate users to servers
>Anyone want to agree/argue/validate/disprove?
Nobody else has any thoughts on this? S
IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: CERTAUTH vs SITE vs user certificate
>
> >So:
>
> >CERTAUTH - root certs
>
> >SITE - server leaf certs (and intermediates?)
>
> >User - certs used to authenticate users to servers
>
>
>
> >Anyone
Cert discussion is more frequent over on RACF-L :)
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of Phil Smith III
> Sent: Monday, July 18, 2016 2:45 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: CERTAU
>So:
>CERTAUTH - root certs
>SITE - server leaf certs (and intermediates?)
>User - certs used to authenticate users to servers
>Anyone want to agree/argue/validate/disprove?
Nobody else has any thoughts on this? Surely we aren't the only ones dealing
with certificates (well, besides
Dave Gibney wrote:
>I could be wrong and I did use CERTAUTH inappropriately (should have been
SITE) in the past.
>I use:
>CERTAUTH to sign other certs.
>SITE for SERVERS
>User for users :)
I like this, Dave-it's certainly coherent and *sounds* logical!
So:
CERTAUTH - root certs
SITE
Smith III
> Sent: Thursday, July 14, 2016 11:02 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: CERTAUTH vs SITE vs user certificate
>
> I've never understood how you choose between adding a certificate as
> CERTAUTH, SITE, or user. And not having a lot of luck Googling for it. Can
&
I've never understood how you choose between adding a certificate as
CERTAUTH, SITE, or user. And not having a lot of luck Googling for it. Can
anyone describe the choice, or point me at something coherent?
Thanks.
--
For
14 matches
Mail list logo
