Since DCM and the new V5R3 expiration feature was mentioned, does
anybody else here use client certificates?  We require a certificate for
telnet ssl connection.  As per the default (OK, so I set that default)
the certificates expire every year.  Now at least I can see (if I have
*ALLOBJ and *SECADM) what certificates are about to expire.

Is there a renew option I missed?  We've been creating new and deleting
old (just for cleanup purposes).  Any other options available?

Thanks,
Sean Porterfield

Chris Bipes wrote:
> When it stops working is a good indication of expired certificates.
> Starting with V5R3 DCM has an option to check for certificates the
> expire in XX days.  You can then re-new the ones listed and assign the
> new certificates.  They will not take effect until you re-start the
> appropriate service.  You can have up to 2000 days if you set the store
> up correctly.  But who will remember years from now to check the certs.
> I have a monthly procedure to check what will expire with in the next 60
> days. 
> 
> 
> Christopher Bipes
> Information Services Director
> CrossCheck, Inc.
> 
> -----Original Message-----
> From: Hart, Doug - ETG (Contractor)
> Sent: Tuesday, May 02, 2006 12:35 PM
> To: Midrange Systems Technical Discussion
> Subject: Digital Certificate Expiration
> 
>  
> How are people managing digital certificate expirations?
> 
> We are setting up SSL for our MQ queues.  This is for different iSeries
> partitions in different datacenters and some PC servers.  The default
> when creating DCs is that they expire in one year.  I'm assuming that
> when I renew my certificates that I'll need to export them back out to
> the other systems.  This is about a 2 hours process.  
> 
> Other than setting a reminder in my calendar for next year I see no way
> to remember this.  I see no way the iSeries will remind me other than
> the application failing.   Heck, I might not even be involved with this
> next year.  
> 


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.