Rob,

I haven't mapped out all the possible use cases yet, but if the CSR that creates the certificate is the same as the original, then the label that is associated with the certificate and assigned to the application definition should update the certificate correctly. I use a LetsEncrypt cert to secure my 5250 sessions and DCM and it is regularly updated. Secure 5250 and DCM continue to work fine but I'd have to check how it works with Navigator. I would assume it would be similar to how certificate renewals have worked with DCM since Navigator is also web-based.

Pete Helgren
www.petesworkshop.com
CISSP - MSCM
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

On 2/25/2026 7:20 AM, Rob Berendt wrote:
Pete,
Does your solution apply the certs to both
https://myibmi.mycorp.com:2003/Navigator/mainframe/network/ias-server
and
https://myibmi.mycorp.com:2007/dcm/mainframe/system

When doing the latter does it make the new cert the default and apply it to
all the applications? When applying it to all the applications is an
exception possible? For example, let's say I want to assign it to all with
either no cert, or a cert of DEKKO2025_1. Thus not clobbering that one app
with a cert from one of our customers.

On Tue, Feb 24, 2026 at 4:55 PM Pete Helgren <pete@xxxxxxxxxx> wrote:

I have been able to manually manage a 90 day window but 47 days is just
too much to leave as a manual process.

Brad, the only "API" I couldn't find was restarting the HTTP server
instance. I can wrap a command to do it, but an API would be cleaner.
Also, having a "graceful" restart option, like Apache does, would be a
real plus so the website doesn't go down.

The app I have written does it all, end to end, automatically: Uses the
CSR to request the certificate (right now LetsEncrypt is supported). It
uses either the HTTP-01 or DNS-01 (for wildcard) challenge types (I'm
going to add DNS-PERSIST-01 when it goes into production - much
easier). Currently GoDaddy is the supported domain registrar when it
comes to automated updates of TXT records (which will be moot with
DNS-PERSIST-01 challenge).

Maybe IBM will come up with a solution that will make mine unnecessary
but it has been fun writing it. Yes, it runs under Tomcat as a servlet
but I am hoping as a .war file deployment it will also run with the
servlet containers that IBM provides for IBM i. We'll see... hope to post
to GitHub soon.

Pete Helgren
www.petesworkshop.com
CISSP - MSCM
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

On 2/24/2026 3:40 PM, Brad Stone wrote:
IBM needs to step up on this. I've been saying it for over 20 years now.

I thought about putting something together, but the APIs, at least when I
was digging into it, weren't what I'd call "available".

On Tue, Feb 24, 2026 at 3:35 PM Bryan Dietz <bdietz400@xxxxxxxxx> wrote:

Another "problem" is that certs will be getting down to a 90 day lifespan.
Automation will be key for everyone to deal with it.


Peter Dow wrote on 2/24/2026 1:03 PM:
Hi Pete,

No, I'm retired. I was just curious because it seemed like quite a few
steps Rob had to go through, then repeat for another 13 LPARs.

I have no idea how many shops have that many LPARs, or if the difficulty
of implementing some automated version of those steps is worth it.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.






This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
