On Fri, 2 Jun 2023 15:55:47 +0000, Pommier, Rex <rpomm...@sfgmembers.com> wrote:
>Hi list, > >I'm a bit perplexed about this certificate change. Kurt gave us ample warning >about the SMP/E changes (thanks, Kurt). I also got a red alert telling me of >the impending change. In addition, I got an e-mail earlier this week from the >tapetools folks telling us that TT will start using the new cert next week. >The link in the TT e-mail showed various IBM entities implementing the new >cert over the next several months. Here's where my confusion comes from. >What - if anything - do I need to do with this? Looking at the cert in my >RACF database, it shows a start date of August 2013 - almost 10 years ago. >Am I missing something obvious that is a recent update or is IBM just being >extremely cautious with this change? > IBM is changing the root and intermediate certificate authorities that sign their certificates. According to this page: https://www.ibm.com/support/pages/node/6997317 you may not have to do anything: If you use the HTTPS download method and your certificate authority (CA) certificates are managed by the default z/OS Java truststore, then no action is required. For example, if your CLIENT XML input for the SMP/E RECEIVE command or the GIMGTPKG service routine contains the following, then no action is required: <CLIENT downloadmethod=”https” downloadkeyring=”javatruststore” javahome="/usr/lpp/java/J8.0" > </CLIENT> No action is required because the DigiCert Global Root G2 certificate is already defined in the default Java truststore. However, if you use the FTPS download method, or if you choose to manage certificate authority (CA) root certificates in your z/OS security manager, then continue reading to learn about the actions you must take. If that's not the case for your site, the page goes on to show detailed RACF commands to determine if you have the required root and intermediate certificates in your RACF database. Dana ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
