[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: Expired RACF supplied CA Certificates
From:       Nigel Pentland <nigel () NIGELPENTLAND ! NET>
Date:       2017-06-26 22:29:52
Message-ID: C93819F8-816B-4B37-ABE2-6BE0A618B997 () nigelpentland ! net
[Download RAW message or body]

Just wanted to add, remember certificates which are not marked as trusted are ignored by the health check for expired certificates so they should generate any issues.


> On 26 Jun 2017, at 20:54, Wai Choi <wchoi@US.IBM.COM> wrote:
> 
> Martin,
> 
> All the certificates shipped with RACF have a NOTRUST status. NOTRUST 
> certificates are not used in the system. For NOTRUST certificate, whether 
> it is expired or not doesn't make a difference in functionality. It can 
> not be used any way. We take out expired certificates in a release 
> boundary. But some customer doesn't like the re-adding of expired 
> certificate at IPL in the current release. We are aware that there is one 
> expired last month and there is a PMR opened. We are in the process of 
> handling it. 
> 
> The answer to your question is no. In fact whether to ship default 
> certificates at all has been debated for a while. Stay tune for the new 
> information in the coming release.
> 
> Regards,
> Wai 
> 
> Wai Choi - RACF/PKI Design and Development
> 
> 
> 
> 
> From:   "Hamby, Martin K" <martin.k.hamby@LMCO.COM>
> To:     RACF-L@LISTSERV.UGA.EDU
> Date:   06/26/2017 03:14 PM
> Subject:        Expired RACF supplied CA Certificates
> Sent by:        RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
> 
> 
> 
> Just wondering how to handle expired RACF supplied digital certificates.
> 
> All I find in the IBM docs is the restriction - Do not delete the supplied 
> certificates. If they do not exist at IPL time, RACF initialization 
> automatically adds them. Therefore, if you delete them, they are recreated 
> at the next IPL.
> 
> Could it be that I delete the expired certificate that RACF would 
> automatically add a new one with a new future expiration date?
> 
> Martin K. Hamby
> Lockheed Martin
> Hosting Services &
> Application Provisioning
> (407) 275-0906
[prev in list] [next in list] [prev in thread] [next in thread]