On Fri, 3 Jun 2011 10:52:10 -0500, Stew Feuerstein <[email protected]> wrote:
>Thanks for your response. We read something similar about DSA not being >usable for SSL encryption. > >We have gotten further info from CA. It seems like I left something out of >my post that was relevant. We are still running z/OS 1.9. > >It seems that with z/OS 1.9 the max keysize is 1024 without the PCI crypto >card. See the RACF manual from z/OS 1.9 >http://publibz.boulder.ibm.com/epubs/pdf/ichza480.pdf page 291 for the >size(keysize) parameter of RACDCERT. > RACF's maximum keysize for RACDCERT should not be relevant to you, and RACF command documentation should also not be relevant, as you are not using RACF. You are using CA Top Secret, and so any restrictions are ones that they impose, not ones that RACF imposes. And any discussions about what you can or can not do need to be with CA. However, as I mentioned before, the question of how you can -use- a certificate is different from the question of how you can -create- a certificate. System SSL should have no problems using the certificate if you get it created. And System SSL does not require that you use SAF key rings. -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
