[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: Expired RACF supplied CA Certificates
From: Nigel Pentland <nigel () NIGELPENTLAND ! NET>
Date: 2017-06-26 22:29:52
Message-ID: C93819F8-816B-4B37-ABE2-6BE0A618B997 () nigelpentland ! net
[Download RAW message or body]
Just wanted to add, remember certificates which are not marked as trusted are ignored by the health check for expired certificates so they should generate any issues.
> On 26 Jun 2017, at 20:54, Wai Choi <wchoi@US.IBM.COM> wrote:
>
> Martin,
>
> All the certificates shipped with RACF have a NOTRUST status. NOTRUST
> certificates are not used in the system. For NOTRUST certificate, whether
> it is expired or not doesn't make a difference in functionality. It can
> not be used any way. We take out expired certificates in a release
> boundary. But some customer doesn't like the re-adding of expired
> certificate at IPL in the current release. We are aware that there is one
> expired last month and there is a PMR opened. We are in the process of
> handling it.
>
> The answer to your question is no. In fact whether to ship default
> certificates at all has been debated for a while. Stay tune for the new
> information in the coming release.
>
> Regards,
> Wai
>
> Wai Choi - RACF/PKI Design and Development
>
>
>
>
> From: "Hamby, Martin K" <martin.k.hamby@LMCO.COM>
> To: RACF-L@LISTSERV.UGA.EDU
> Date: 06/26/2017 03:14 PM
> Subject: Expired RACF supplied CA Certificates
> Sent by: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
>
>
>
> Just wondering how to handle expired RACF supplied digital certificates.
>
> All I find in the IBM docs is the restriction - Do not delete the supplied
> certificates. If they do not exist at IPL time, RACF initialization
> automatically adds them. Therefore, if you delete them, they are recreated
> at the next IPL.
>
> Could it be that I delete the expired certificate that RACF would
> automatically add a new one with a new future expiration date?
>
> Martin K. Hamby
> Lockheed Martin
> Hosting Services &
> Application Provisioning
> (407) 275-0906
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic