1.  Home
  2. MIDRANGE-L
  3. November 2025

Re: Populate with CAs

I usually find out which services need CAs imported during
development/testing.

Most of the time, at least in my experience, populating doesn't always
bring in the CAs required.

I actually don't use SQL services. I use GETURI. Both that and my
MAILTOOL software have the option to ignore "not trusted" errors with a
simple flag switch. I believe HTTPAPI does as well.


On Fri, Nov 21, 2025 at 9:41 AM Rob Berendt <robertowenberendt@xxxxxxxxx>
wrote:

I figured someone would answer with a preference with selective approval.
To me that implies that you have the time on your hands to decide which SQL
service accesses what site and what certs that site uses. Or you just wait
until processes blow up and approve it error by error.
Not meaning to sound negative but aren't we all experiencing work
overload? Does the "Populate with CAs" bring in undesirable entries?

On Fri, Nov 21, 2025 at 10:26 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

I only import CAs needed by client applications or for certificates I use
on my websites or other servers that use SSL.

But deleting expired CAs and certs is important. Sometimes the IBM i
goes
wonky when one is expired and stops everything, even if the CA has
nothing
to do with the SSL communications you're doing.

On Fri, Nov 21, 2025 at 9:04 AM Rob Berendt <robertowenberendt@xxxxxxxxx

wrote:

So is it generally accepted practice to go into DCM (Digital
Certificate
Manager) at https://youribmi.yourdomain.com:2007/dcm/mainframe/system
after applying PTFs, select the "Populate with CAs", Select All,
Populate
and pull in the new ones?

I did this awhile back, when I was having issues with some of the SQL
services and the remote work they do. Today I went in, deleted the
expired
ones, repopulated. Pulled in about 15 since the last time and none of
them
are expired.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.