'=?utf-8?B?UmU6IFRyeWluZyB0byBhZGQgYSBjZXJ0aWZpY2F0ZSB0byBSQUNG?='

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    =?utf-8?B?UmU6IFRyeWluZyB0byBhZGQgYSBjZXJ0aWZpY2F0ZSB0byBSQUNG?=
From:       nigel () nigelpentland ! net <nigel () NIGELPENTLAND ! NET>
Date:       2012-07-19 6:50:58
Message-ID: 0M0v6Z-1Tijtm0Yoh-00uW4W () mrelayeu ! kundenserver ! de
[Download RAW message or body]

Russ,

Guess that depends on your view as to whether a certificate with a blank DN is a \
valid entity that you would expect RACDCERT to be able to add?

Not sure if this would be an X.509 compliant certificate or not?

Either way it's useful to understand the current limitation.

Hope that makes sense?

Nigel...

Sent from my HTC

----- Reply message -----
From: "Russell D Hardgrove" <hardgrov@US.IBM.COM>
To: <RACF-L@LISTSERV.UGA.EDU>
Subject: Trying to add a certificate to RACF
Date: Thu, Jul 19, 2012 00:08


I'm a bit confused about WHAT a pmr would be for?
..
--------------------------------------------------
Russ Hardgrove / RACF Lvl2
IBM - z/OS  Software Service
Dept. EC8A   Bldg. 707 - 2/F19
Poughkeepsie, NY  12601
hardgrov@us.ibm.com  845-435-3279
            or  295-3279 (T/L)
--------------------------------------------------
"RACF: Guilty, until proven innocent !!"    RdH 2004
"RACF, praesumitur malus donec probetur bonus"    RdH     MMX
<< Continually proving this (innocence) is not just a JOB, it's an
-ADVENTURE-   :-b  .. >>
....



From:
Nigel Pentland <nigel@NIGELPENTLAND.NET>
To:
RACF-L@listserv.uga.edu
Date:
07/18/2012 06:03 PM
Subject:
Re: Trying to add a certificate to RACF



Wai,

Thanks for letting me know.  I think now I fully understand the situation
I'd rather fix the certificate than raise a PMR as I don't think having a
certificate with a blank DN is a good idea.

Kind regards,

Nigel...

-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of
Wai
Choi
Sent: 18 July 2012 20:52
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: Trying to add a certificate to RACF

Nigel,

Your observation is right. RACDCERT can not handle a certificate with
empty
Subject Distinguished Name. You may open a PMR to fix the problem.

Regards,
Wai

Wai Choi - RACF/PKI Design and Development




From:   Nigel Pentland <nigel@NIGELPENTLAND.NET>
To:     RACF-L@listserv.uga.edu
Date:   07/17/2012 11:49 AM
Subject:        Trying to add a certificate to RACF
Sent by:        RACF Discussion List <RACF-L@listserv.uga.edu>



Hello,

I'm trying to add a public certificate to RACF and getting the following:

 RACDCERT ADD('XXXXXXX.BASE64.CERT1') ID(XXXXXXX) WITHLABEL
('xxxxxxx.xx.xxx.xxx')
IRRD104I The input data set does not contain a valid certificate.
READY

The certificate looks good to me and I've checked all the usual input
dataset allocation etc.

Only thing I can see which I think might be causing the error is the
'Subject' i.e the DN is completely blank - it has a load of domain names
defined as Subject Alternate Names.

Does anyone know if RACF can handle blank DNs?

Nigel...


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic