On 4/10/19 2:47 AM, Don Poitras wrote:
You don't want to add the gmail cert to RACF, you just need the CA cert to validate it. See (this is for SMP/E, but I think also applies to your problem):
I agree, you /usually/ want the Root CA cert to be trusted so that the trust can flow down to any cert signed by said Root CA cert.
That being said, it may be possible to install Gmail's public cert as a trusted Root CA cert and achieve the same result. You are establishing a trusted point.
The downside of using the actual public cert as opposed to the Root CA cert is that end certs usually expire much sooner than Root CA certs. So you'd get to play a game of periodically updating the cert in RACF's keyring. Much more often than you would with the Root CA's cert.
-- Grant. . . . unix || die ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
