Supplied certficate authorities in RACF vs CA Top Secret
Article ID: 132303
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
3rd Party supplied Certificate Authorities.
Our group maintains digital certificates in both the RACF and Top Secret security productions on z/OS Version 2.2, 2.3 and 2.4. We keep an eye on the Security Server RACF Security Administrator's Guide, appendix C, which lists certificate authorities that are supplied with the operating system. In version 2.2, manual SA23-2289, we see in Appendix C, there are 26 such CAs. In version 2.3, the same associated manual Appendix C shows only 3 of these. RACF explained to us that it would make it easier for us to clean up expired such CAs. Is this how Top Secret R16 handles the supplied certificate authorities? Does the operating system enforce this or does it depend on the security product, RACF or Top Secret?
Our group maintains digital certificates in both the RACF and Top Secret security productions on z/OS Version 2.2, 2.3 and 2.4. We keep an eye on the Security Server RACF Security Administrator's Guide, appendix C, which lists certificate authorities that are supplied with the operating system. In version 2.2, manual SA23-2289, we see in Appendix C, there are 26 such CAs. In version 2.3, the same associated manual Appendix C shows only 3 of these. RACF explained to us that it would make it easier for us to clean up expired such CAs. Is this how Top Secret R16 handles the supplied certificate authorities? Does the operating system enforce this or does it depend on the security product, RACF or Top Secret?
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
It is dependent on the security package (TSS, ACF2 or RACF). RACF supplied 3rd parties Certificate Authorities on their security file by default. TSS supplies one 3rd party Certificate Authority. You can EXPORT the certificate from RACF and TSS ADD them to TSS on an as needed basis.
Feedback
Yes
No
Powered by
