[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: Cert Question
From: Rob Schramm <rob.schramm () GMAIL ! COM>
Date: 2013-06-21 22:51:36
Message-ID: CAN3vrrmT2AC3HxWz-j+x6=ebw0uurWm=E45vvyLFKnCoaD2EPg () mail ! gmail ! com
[Download RAW message or body]
Of course everyone is assuming that this is for the FTP Server .. not a
client.
Rob Schramm
Rob Schramm
Senior Systems Consultant
Imperium Group
On Fri, Jun 21, 2013 at 6:41 PM, Nigel Pentland <nigel@nigelpentland.net>wrote:
> Hi Tony
>
> The secret is generally getting the attributes of the keyring correct.
> It should look something like this
>
> RACDCERT ID(FTPTASK) LISTRING(FTPRING)
> Digital ring information for user FTPTASK:
> Ring:
> >FTPRING<
> Certificate Label Name Cert Owner USAGE DEFAULT
> ---------------------- ---------- ----- -------
> FTP SERVER ID(FTPTASK) PERSONAL YES
> ROOT CERTAUTH CERTAUTH NO
> 3RD PARTY ROOT CERTAUTH CERTAUTH NO
>
> I'm showing a 3rd party root but if no client certificates are involved
> you can ignore that. Significant things are to (a) have the root, plus
> any intermediate issuers connected with CERTAUTH usage, and (b) to have
> the entity certificate connected with PERSONAL usage and DEFAULT set to
> YES.
>
> Hope that helps
>
> Nigel...
>
>
>
> On 21/06/2013 22:21, Burkett, Tony wrote:
>
>> We have a cert that is also kept in a uss kdb file. We are trying to move
>> from the kdb file and have FTP check RACF but when we do the FTP does not
>> work. The FTP works fine when using the kdb file. The kdb file is just an
>> exported copy of the RACF cert.
>>
>> Does anyone have any idea or experience with making this change?
>>
>> The message(s) are something to the effect:
>>
>> It had established the secure connection and then failed on the
>> exchange of data
>>
>> Thanks in advance
>> Tony
>>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic