ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » RACF or Vendor CA for SSL Channels

Post new topic  Reply to topic
 RACF or Vendor CA for SSL Channels « View previous topic :: View next topic » 
Author Message
cicsprog
PostPosted: Tue Nov 04, 2008 3:10 pm    Post subject: RACF or Vendor CA for SSL Channels Reply with quote

Partisan

Joined: 27 Jan 2002
Posts: 347
We our a large shop (130 z/OS MQM's). Just starting to do SSL on some channels - point-to-point and Clients.

I want to limit the amount of Administration we need to do for this. Is using RACF or a Vendor CA a better way to go? Obviously a Vendor CA costs money.

Each one of our Jes plexes has a Verisign CA. It gets used by FTP and other z/OS software. Is there a way to use that so we wouldn't have to create/buy are own CA's? I tried to create a personal CERT for a Windows Client using the Verisign:

RACDCERT ID(MQD0CHIN) GENCERT +
SUBJECTSDN (CN('AUTHENTICATOR') +
T('CLIENT CERTIFICATE WINDOWES') +
OU('BE MQ') +
O('BE MQ') +
L('RTP') +
SP('FL') +
C('USA')) +
NOTAFTER(DATE(2015/12/31)) +
NOTBEFORE(DATE(2008/01/01)) +
SIZE(1024) +
WITHLABEL('ibmwebspheremqv107964') +
SIGNWITH(CERTAUTH LABEL('Verisign Class 3 Primary CA'))

But, I get a RACF RC of - no Private key stored with this signer certificate.


Since our RACF ADmins have no clue about this stuff, I'm trying to figure all this out myself. And, of course, I have no access to RACF (even on our sandbox).

Thanks for any input.
Back to top
View user's profile Send private message
zpat
PostPosted: Tue Nov 04, 2008 10:50 pm    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5866
Location: UK
Look for a Redbook on RACF certificate issue
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » RACF or Vendor CA for SSL Channels
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.