HFS has several meanings, and so does keyring, but they seem to be used in combination only for some
SSL/TLS piece of IBM z/OS. My top google hit is pic.dhe.ibm.com which sounds authoritative but responds down. The next page of hits are mostly looking at small patches of the elephant, but several indicate there is a command 'gskkyman' to manage the z/OS database(s?) of certs and keys. Nothing I find suggests that z/OS is actually using openssl, and in my limited experience z/OS tends not to use open-source cross-platform software like openssl. Certainly the file extensions you give are not usually used with openssl except possibly .cer (which is used by everybody+dog, and in openssl somethingcert.pem or .der are somewhat more likely) although they can be chosen arbitrarily and might have been here. If those are in fact openssl files, for us to help you'll have to identify what they are. openssl uses two primary file formats, PEM and DER, usually (but not always) reflected in file extensions or names.PEM data is stored as text, but in a special (restricted) format; they have a line like -----BEGIN something-----, followed by one or more lines of base64 which consists of letters, digits, occasionally plus or slash, and often equals at the end, then a line like -----END something----- . There may be more than one PEM blob in a file. If that's what your files look like, tell us what the 'something's are. DER files are binary and readable only with specialized tools. If your file looks like mostly gibberish it could be DER or it could be lots of other things. If you have openssl commandline or can binary-transfer the files to a system that does, 'openssl asn1parse -inform der' will tell show if it's some kind of DER and a knowledgeable reader can usually figure out which. Note that if these files contain a private key, as an SSL 'keyring' must, you may not be allowed to transfer it. From: <mailto:owner-openssl-us...@openssl.org> owner-openssl-us...@openssl.org [ <mailto:owner-openssl-us...@openssl.org> mailto:owner-openssl-us...@openssl.org] On Behalf Of Jake anderson Sent: Thursday, February 06, 2014 04:48 To: <mailto:openssl-users@openssl.org> openssl-users@openssl.org Subject: *** Spam *** Clarification for renewing OPENSSL certificate Hello, One of our OPEN SSL keyring is expired. error 18 at 0 depth lookup:self signed certificate error 10 at 0 depth lookup:Certificate has expired OK currently our key locations has the below files : ctscert,ctscert.cer,ctscert.rdb,ctscert.sth So We have been usong ctscert as the HFS keyring for our telnet server. Could someone please help me in renewing or creating a new hfs keyring. Any suggestions highly appreciated. Jake
