Tom,
Below are the steps I do when receiving a new cert or CA.
On Pencor06 R&D, create new subfolder, /SSCERTS/SSLWC20YY, where YY is start year of cert
On Pencor05 Production, create new subfolder, /SSCERTS/SSLWC20YY, where YY is start year of cert
Obtain new wild card cert, root CA, intermediate CA from IT.
Copy from MIS drive to Pencor06 /SSCERTS/SSLWC20YY
Copy from MIS drive to Pencor05 /SSCERTS/SSLWC20YY
Confirm cert details, determine if new root CA, intermediate CA, are needed.
On Pencor06,
Using DCM, import root CA, …CA.cer, assigning label matching CA name.
Using DCM import intermediate CA, …CA, assigning label matching CA name
Using DCM import server, …pfx, need password, @@@, assign label, PENCORMMYYWCSCH256
Using DCM, confirm list of SSL applications with template, add/delete as necessary.
Use AJS job TRCSSLOFF to see all jobs that use SSL.
Using DCM update certificate assignment to new cert for each application.
Test each application on Pencor06.
After Pencor06 testing is complete.
On Pencor05,
Using DCM, import root CA, …CA.cer, assigning label matching CA name.
Using DCM import intermediate CA, …CA, assigning label matching CA name
Using DCM import server, …pfx, need password, @@@, assign label, PENCORMMYYWCSCH256
Using DCM, confirm list of SSL applications with template, add/delete as necessary.
Use AJS job TRCSSLOFF to see all jobs that use SSL.
Using DCM update certificate assignment to new cert for each application.
Test each application on Pencor05.
The wild card cert changes may require the PC to be updated.
CMD
CWBCOSSL
OK
Use the middle section.
If using a CA from another source, enter a label and press the store button.
Do the Root first.
Using a mapped drive, navigate to the SSLCERTS folder.
Select the ….cer
Certificate Authority text label - DigiCertGlobalRootCA
Password – ca400
Ok
Ok
Certificate Authority text label - DigiCertGlobalInterCA
Ok
Ok
3 files will be updated on the PC.
cwbssldf.kdb
cwbssldf.sth
cwbssljavaca.jck
Location of the files - C:\Users\Public\Documents\IBM\Client Access
These files need to be sent to IT and added to group policy so all PCs receive the updated files.
To test a Vendor CA.
From a command line.
RXSURI URI('https://api-user.e2ro.com/2.2')
Paul
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Pete Helgren
Sent: Monday, October 26, 2020 4:50 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Question on certificates
Do you know what file type it is? The extension is usually a safe bet to indicate what format it is in. Most pem, crt, csr, and key files are text. p12 is not but that would be a weird format to send as a certificate.
Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Twitter - Sys_i_Geek IBM_i_Geek
On 10/26/2020 3:35 PM, Tom Deskevich wrote:
When you receive a certificate that needs applied to the I, is there another step that needs to be done? I cannot open the certificate on the shared folder. The Windows error states the file is invalid for use as the following: security certificate. When I look at it via the 5250 IFS, it does not show what you expect to see, -- BEGIN CERTIFICATE --, but almost looks like something that needs converted to EBCDIC. TIA.
Tom Deskevich
Programmer/Analyst
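
Added example, not part of the original thread: the file-type question raised above (text PEM versus binary p12, and a file that shows no BEGIN CERTIFICATE header on the IFS) can be settled from the file's leading bytes. The function names and sample bytes are constructed for illustration, and the checks are heuristics on the outer structure, not a full ASN.1 parse.

```python
# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), as used by .p7b bundles
P7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")

def _der_body(data):
    """Return the content of an outer DER SEQUENCE, or None if data is not one."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                       # short-form length
        start, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return None
        start, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if start + length > len(data):         # truncated or not really DER
        return None
    return data[start:start + length]

def classify(data):
    """Guess the container format of a certificate file from its bytes."""
    head = data.lstrip()[:64]
    if head.startswith(b"-----BEGIN "):
        label = head[11:].split(b"-----")[0].decode("ascii", "replace")
        return "PEM text (" + label + ")"
    # cp037 is US EBCDIC: PEM text stored that way looks like noise to an ASCII viewer
    if data.decode("cp037").lstrip().startswith("-----BEGIN "):
        return "PEM text stored as EBCDIC"
    body = _der_body(data)
    if body is None:
        return "unknown"
    if body[:3] == b"\x02\x01\x03":         # INTEGER 3 is the PFX version field
        return "PKCS#12 (.p12/.pfx), password needed"
    if body.startswith(P7_SIGNED_DATA):
        return "PKCS#7 bundle (.p7b)"
    if body[:1] == b"\x30":                 # inner SEQUENCE, e.g. tbsCertificate
        return "DER binary (X.509 certificate or request)"
    return "unknown DER structure"

# Constructed samples: structurally minimal, not real certificates
SAMPLES = {
    "pem": b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n",
    "ebcdic": "-----BEGIN CERTIFICATE-----\n".encode("cp037"),
    "der": bytes.fromhex("300430020500"),
    "pfx": bytes.fromhex("30050201033000"),
}
```

Read the file in binary mode (`open(path, "rb").read()`) before passing it to `classify`, so no code-page translation is applied on the way in.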