On Mon, 10 Mar 2014 13:49:38 -0700, Donald J. <[email protected]> wrote:
>Yes, the script helps to identify some things. What appilcation was it >working with? IIRC, this was in combination with windows certreq to build & send a cert request to a windows active directory server to be signed and then the signed cert was used for CICS web services over SSL (from a windows client or IE). >I am trying to generate a cert for an RDz client. The RDz client >appears to try to be >intelligent and not allow bad parameters to be entered like a wrong >passphrase for a PKCS12. >It seems to reject all the certs I have tried. I'm thinking maybe there >is a bug in the client. For hostIdMappings, the CA that signs the certs has to be set up in the RACF CERTAUTH with HIGHTRUST which means RACF will trust certificates signed by the CA to provide credentials without the client cert itself being added to RACF. HTH ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
