[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: Cert Question
From:       Rob Schramm <rob.schramm () GMAIL ! COM>
Date:       2013-06-21 22:51:36
Message-ID: CAN3vrrmT2AC3HxWz-j+x6=ebw0uurWm=E45vvyLFKnCoaD2EPg () mail ! gmail ! com
[Download RAW message or body]

Of course everyone is assuming that this is for the FTP Server .. not a
client.

Rob Schramm

Rob Schramm
Senior Systems Consultant
Imperium Group



On Fri, Jun 21, 2013 at 6:41 PM, Nigel Pentland <nigel@nigelpentland.net>wrote:

> Hi Tony
>
> The secret is generally getting the attributes of the keyring correct.
> It should look something like this
>
> RACDCERT ID(FTPTASK) LISTRING(FTPRING)
> Digital ring information for user FTPTASK:
> Ring:
> >FTPRING<
> Certificate Label Name Cert Owner  USAGE     DEFAULT
> ---------------------- ----------  -----     -------
> FTP SERVER             ID(FTPTASK) PERSONAL  YES
> ROOT                   CERTAUTH    CERTAUTH  NO
> 3RD PARTY ROOT         CERTAUTH    CERTAUTH  NO
>
> I'm showing a 3rd party root but if no client certificates are involved
> you can ignore that.  Significant things are to (a) have the root, plus
> any intermediate issuers connected with CERTAUTH usage, and (b) to have
> the entity certificate connected with PERSONAL usage and DEFAULT set to
> YES.
>
> Hope that helps
>
> Nigel...
>
>
>
> On 21/06/2013 22:21, Burkett, Tony wrote:
>
>> We have a cert that is also kept in a uss kdb file. We are trying to move
>> from the kdb file and have FTP check RACF but when we do the FTP does not
>> work. The FTP works fine when using the kdb file. The kdb file is just an
>> exported copy of the RACF cert.
>>
>> Does anyone have any idea or experience with making this change?
>>
>> The message(s) are something to the effect:
>>
>>   It had established the secure connection and then failed on the
>> exchange of data
>>
>> Thanks in advance
>> Tony
>>
>
[prev in list] [next in list] [prev in thread] [next in thread]