Re: Importing x.509 Certs in to RACF

For the my.p12 files I sftp them to USS. Pre-allocate a VB file and then use USS command cp my.p12 “//‘IBMUSER.MYCERT.P12'” For ascii I just scp them and tag appropriately. Matt Hogstrom m...@hogstrom.org +1-919-656-0564 PGP Key: 0x90ECB270 Facebook LinkedI

Re: Importing x.509 Certs in to RACF

Classification: Confidential TSO OGET/OPUT work just fine. >And how are you copying it from USS to an MVS dataset? ::DISCLAIMER:: The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmissio

Re: Importing x.509 Certs in to RACF

Wow, quotes. Prefix is turned off on the profile and I would have expected a “Dataset Not Found” error. Other utilities have not required quotes. Thanks for stating the obvious as it was correct. Matt Hogstrom m...@hogstrom.org +1-919-656-0564 PGP Key: 0x90ECB270 Facebook

Re: Importing x.509 Certs in to RACF

And how are you copying it from USS to an MVS dataset? On Fri, May 5, 2023 at 4:34 AM Michael Babcock wrote: > Before trying to add it to RACF use the RACDCERT CHECKCERT command. Off > the top of my head, I think it’s RACDCERT CHECKCERT(‘dataset-name’). I > always use that before adding a ce

Re: Importing x.509 Certs in to RACF

: Thursday, May 4, 2023 10:07 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Importing x.509 Certs in to RACF [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don't click links or open attachments as it may be a Phishing email, which can steal your Informatio

Re: Importing x.509 Certs in to RACF

.509 Certs in to RACF [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] I’m attempting to import an x.509 cert for TLS. The

Re: Importing x.509 Certs in to RACF

Matt. As far as I know RACF cannot import from a z/os unix file. It has to be VB. I think there is an RFE/Idea requesting unix file support. Also you said that the source file is ISO 8859-1 which suggests to me that is base-64 encoded. If so you will see “—— BEGIN” near the start and a similar

Re: Importing x.509 Certs in to RACF

Before trying to add it to RACF use the RACDCERT CHECKCERT command. Off the top of my head, I think it’s RACDCERT CHECKCERT(‘dataset-name’). I always use that before adding a cert to RACF.And if there is a password on the cert add PASSWORD(‘password’) to the command. Mind the quotes on bot

Re: Importing x.509 Certs in to RACF

Matt, I had a similar problem. Make sure you do not have the file open anywhere else .. I think RACF takes an exclusive lock on it I had a problem with the v3 version of openssl - the format of the binary file was changed, and I think RACF did not support it. Try shipping it as a .pem file. For

Re: Importing x.509 Certs in to RACF

You have: RACDCERT ADD(IBMUSER.CERT.DIGICERT) CERTAUTHTRUST WITHLABEL('DigiCertCA’) Try adding apostrophes to the data set name: RACDCERT ADD('IBMUSER.CERT.DIGICERT') CERTAUTHTRUST WITHLABEL('DigiCertCA’) On Fri, 5 May 2023 at 13:07, Matt Hogstrom wrote: > I had VB 240 but I’ll rein

Re: Importing x.509 Certs in to RACF

I’m at 240 VB but I’ll try pulling it in … I was hoping to find a roadmap that would help out. Seems like there are a number of variables in terms of how certs are delivered, how they get uploaded, what encodings are used, etc. At the end of the day I’d like to get this documented to save t

Re: Importing x.509 Certs in to RACF

I had VB 240 but I’ll rein it in an see what we get. Oddly, I was hoping to find a roadmap that would help out. Seems like there are a number of variables in terms of how certs are delivered, how they get uploaded, what encodings are used, etc. At the end of the day I’d like to get this doc

Re: Importing x.509 Certs in to RACF

It could be that your data set attributes aren't quite right. Try something like LRECL=84, RECFM=VB. On Fri, 5 May 2023 at 11:49, Matt Hogstrom wrote: > I’m attempting to import an x.509 cert for TLS. The certificate is valid > and originates on a distributed system. I have the cert and the pr

Importing x.509 Certs in to RACF

I’m attempting to import an x.509 cert for TLS. The certificate is valid and originates on a distributed system. I have the cert and the private key. I’m trying to import the cert into RACF. I’ve tried creating a pfx file (pkcs12) as well as importing the text based certs individually. Each