I now have an openssl config which produces the same hex code as your vbsscript for lengths less than 128. For length above 128 openssl produces a different length code for the SET (x'31') which is x'318184'. Your script produces x'31820184'. I will do some testing with CICS Web Services and FTP server. > Ensure the CA that signed the openssl certificate is on CICS's keyring > and set for HIGHTRUST. > Looks like you have to set up a profile in the SERVAUTH class as well. > And of course, the hostName in the hostIdMapping has to match. > I don't think this problem is on the host end as the RDz client will never attempt a session. (Wireshark trace is empty) it doesn't like the format of the certificate.
My openssl config segment for HostIdMappings looks something like this: 1.3.18.0.2.18.1 = ASN1:SET:user_set # [user_set] HostIdMappings1.1 = SEQUENCE:HostIdMapping1 HostIdMappings1.2 = SEQUENCE:HostIdMapping2 # [HostIdMapping1] hostName1 = IMPLICIT:1,IA5STRING:MVS3.DOMAIN.NAME subjectId1 = IMPLICIT:2,IA5STRING:USER448 # [HostIdMapping2] hostName2 = IMPLICIT:1,IA5STRING:MVS2.DOMAIN.NAME subjectId2 = IMPLICIT:2,IA5STRING:USER448 -- http://www.fastmail.fm - Accessible with your email software or over the web ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
