'Re: Renewing certificates without causing a service outage :--)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: Renewing certificates without causing a service outage :--)
From:       Tony Riordan <Tony.J.Riordan () NAB ! COM ! AU>
Date:       2018-08-31 0:30:12
Message-ID: MEAPR01MB2312539292F5E97E7B2AA5DAE90F0 () MEAPR01MB2312 ! ausprd01 ! prod ! outlook ! com
[Download RAW message or body]

Thanks Nigel...

Regards

Tony Riordan
Senior Consultant, Mainframe Identity Services, Enterprise Security
Technology & Operations, National Australia Bank
Level 01, 122 Lewis Road, Wantirna South, Victoria, 3152

Tony.J.Riordan@nab.com.au


-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Nigel \
                Pentland
Sent: Thursday, 30 August 2018 6:29 PM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: Renewing certificates without causing a service outage :--)

Hi Tony,

OK, simple answer is yes.  But didn't feel too comfortable.  The biggest issue I \
found was with the Change Management process, namely when you have to answer the \
question, 'If this change goes wrong, how will you back it out?'.

Hence, I tended to find other ways which allowed for more easily defined backout, \
e.g. a new certificate on a new keyring where moving to the new certificate meant \
switching over to new keyring, and a nice clean switch back in the event anything \
breaks.

Other approaches can include exporting the old certificate to a PKCS12 (i.e. private \
key potentially exposed) assuming no ICSF so that you can restore previous \
configuration in the event of things breaking.

Hope that helps,  Nigel...


____________________________________________________________
Report all spam, suspicious messages and calls to: hoax@nab.com.au

Report suspicious NAB-branded text messages to 0476 220 003 (047 NAB 0003)

For more information visit:go/cybersafety \
____________________________________________________________

The information contained in this email and its attachments may be confidential.
If you have received this email in error, please notify the sender by return email,
delete this email and destroy any copy.

Any advice contained in this email has been prepared without taking into
account your objectives, financial situation or needs. Before acting on any
advice in this email, National Australia Bank Limited (NAB) recommends that
you consider whether it is appropriate for your circumstances.
If this email contains reference to any financial products, NAB recommends
you consider the Product Disclosure Statement (PDS) or other disclosure
document available from NAB, before making any decisions regarding any
products.

If this email contains any promotional content that you do not wish to receive,
please reply to the original sender and write "Don't email promotional
material" in the subject.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic