Hello:
We want to add a new certificate in a new ring for our TN3270 connections.
The add of the new certificate fails with:
IRRD109I The certificate cannot be added. Profile XXXXX is already defined.
We detail the certificate definition steps:
- Ring definition:
RACDCERT ID(TCPIPC) ADDRING(KRSE1111BK)
- Certificate definition:
RACDCERT ID(TCPIPC) GENCERT -
SUBJECTSDN(CN('VSIS') -
O('MAPFRE') OU('MAPFRE VIDA') C('ES')) -
ALTNAME(E('ZZL DGTP IT SOPORTE SISTEMAS Z/OS')) -
WITHLABEL('CERTIF. VSIS_1111BK')
- Dataset generated for signed by a trusted certificate authority:
RACDCERT ID(TCPIPC) -
GENREQ(LABEL('CERTIF. VSIS_1111BK')) -
DSN('SYS3.CERT.VIDA.VSIS.TCPIPC.F1111BK.NOMICSF')
We send the file to a trusted certificate authority and they return the signed
certificate.
We copy the content from the signed certificate to dataset
SYS3.CERT.VIDA.VSIS.TCPIPC.F1111BK.NOMICSF.
And finally add the dataset to CERTIF. VSIS_1111BK
RACDCERT ID(TCPIPC) -
ADD('SYS3.CERT.VIDA.VSIS.TCPIPC.F1111BK.NOMICSF')TRUST -
WITHLABEL('CERTIF. VSIS_1111BK')
The steps ends with RC 04 and with the message: IRRD109I The certificate cannot
be added. Profile XXXXX is already defined.
We can't connect to TN3270 with SSL. Fails with a problem with the trusted
certificate authority.
We've displayed all the rings active with RACDCERT ID(TCPIPC). The keyring
KRSE1111BK is one and only. We've removed all the keyrings active (except
KRSE1111BK).
Is possible delete or replace the profile already defined?.
Regards
Jorge García Juanino
Técnico de Sistemas Z/Os
DGTP Departamento de Técnica de Sistemas
MAPFRE
Gobelas 47 - 49 2ª C y D
28023 Madrid
Tfno: 91 581 27 34/ 618 33 35 59
Fax: 91 581 24 01
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
