How to setup ACF2 so that a self-signed certificate can be used to connect to a server?
A self signed certificate is one that has not been signed by a certificate authority.
A certificate signed by a certificate authority (CA) would be included in a server keyring
with the signing certificate(s).
For example.
KEYRING / SERVER1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT(SERVER1.CERT) RINGNAME(Server1Ring)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.CERT Certauth certificate Root CERTAUTH
CERTAUTH.CERT2 Certauth certificate Inter CERTAUTH
SERVER1.CERT SERVER1.CERT PERSONAL
A self-signed certificate would be connected to the
KEYRING / SERVER1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT(SERVER1.CERT) RINGNAME(Server1Ring)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
SERVER1.CERT SERVER1.CERT PERSONAL
A client keyring for a CA signed certificate would only contain the CA certificates.
For example..
KEYRING / CLIENT1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT() RINGNAME(Client1Ring)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.CERT Certauth certificate Root CERTAUTH
CERTAUTH.CERT2 Certauth certificate Inter CERTAUTH
A self-signed certificate would be attached to the client keyring
as a certauth certificate
For example...
KEYRING /CLIENT1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT() RINGNAME(Cleint1Ring)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.SERVER1 SERVER1.CERT CERTAUTH
(the above certificate is the same certificate as SERVER1.CERT but referenced as a
certauth certificate and not a personal certificate in the client keyring.)