'Re: Defining new ssl certificates'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: Defining new ssl certificates
From:       "Campbell, Breck" <breck.campbell () STATE ! VT ! US>
Date:       2011-11-18 19:54:19
Message-ID: B07FD0E04C247A43B6B1AC22786A73290135D17EAF28 () ENT-MAILBOX01 ! vsms ! state ! vt ! us
[Download RAW message or body]

Thanks Nigel, Question answered... just hoping I asked the right ones! :)

Breck


-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Nigel Pentland
Sent: Friday, November 18, 2011 12:22 PM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: Defining new ssl certificates

Hi Breck,

Technically you need the trusted root.  Optionally it is also good to have
any trusted intermediates.

Assuming you have these on a RACF keyring then both the root and the
intermediate should be connected with usage of CERTAUTH.

You say you are replacing existing certificates.  Well, shouldn't be any
different to what you have, just more of the same.  Use the RACDCERT
LISTRING command to check what you have.

If you want some examples please have a look at
http://www.nigelpentland.co.uk/gse/gse-2010/racdcert.pdf

Hope that helps,   Nigel...


-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of
Campbell, Breck
Sent: 18 November 2011 15:48
To: RACF-L@LISTSERV.UGA.EDU
Subject: Defining new ssl certificates

I'm trying to add two new certificates to replace two certificates that
expire on 11/29/11.  State government, being what it is, I've had to change
CA vendors and increase the key-length for the certificates.

So far, I've cut the signing request, sent them to the vendor and received
the signed certificates, which I have loaded into the RACF database and
connected to the appropriate key-rings.

I also received from the CA vendor an intermediate certificate.  What am I
supposed to do with the intermediate certificate after I add it to the RACF
database?  Also do I need a root certificate from the vendor, and if I need
it, how should it look in the database?


Breck Campbell

Systems Developer II

State of Vermont

Dept of Information and Innovation

1 National Life Dr..

Montpelier, VT 05633-3701

phone 802-828-4692

fax 802-828-4677

email breck.campbell@state.vt.us
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic