[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: RACDCERT LIST Extensions
From:       Bogdan Belciu <belciu.bogdan () GMAIL ! COM>
Date:       2018-03-21 14:25:06
Message-ID: CADyF5zMerH8whVJXAHZdE66Sd02Sg4ZySDk6_VuxQjRHg40D6A () mail ! gmail ! com
[Download RAW message or body]

Hello,

1. If you uploaded the certificate to mainframe and add it to RACF why you
are affraid is not the correct cert? :-/
2. Not all root CAs have serial number of 01.

On Wed, Mar 21, 2018 at 2:17 PM, Clough, Harold E CIV DISA SEL1 (US) <
harold.e.clough.civ@mail.mil> wrote:

> Question/Comment on using RACDCERT LIST /RACDCERT CHKCERT
> Scenario: I'm trying to verify the identity of new Root Cert.
>
> Given:  From the download site for the new Root Cert, I am seeing
> -Serial number
> -Extensions showing Key Identifier & Signature
> -Certificate Fingerprints
>
> So I load the certificate up in RACF and I see:
> -Serial Number
> -Certificate ID
>
> Now I'd like to verify that I have the correct cert.
> 1.  It would be nice if RACDCERT would show the certificate extension
> values and Fingerprint so I can match them up with what is published.
> 2.  Using the serial number for a Root Cert is not extremely helpful.
>  It's a Root, so the value is 01.
>
> I looked at IBM's RFE DeveloperWorks site and see at least 4 RFE's
> submitted for RACDCERT LIST, all in the 2014 timeframe, however, I don't
> have access to browse or vote for them.
>
> So I'm wondering what the preferred way to verify identity of Root Cert is
> using RACDCERT and also if RACDCERT will be enhanced going forward?
>
> Harold Clough
>
>


-- 
Best Regards,
Bogdan Belciu
[prev in list] [next in list] [prev in thread] [next in thread]