I am creating a Keyring for TN3270, do I have to Connect the CERTAUTH signing chain of certificates that signed the Server Personal certificate to the Keyring?

search cancel

I am creating a Keyring for TN3270, do I have to Connect the CERTAUTH signing chain of certificates that signed the Server Personal certificate to the Keyring?

book

Article ID: 13962

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

I am creating a Keyring for TN3270, do I have to Connect the CERTAUTH signing chain of certificates that signed the Server Personal certificate to the Keyring?

Environment

Release:
Component: ACF2MS

Resolution

You would need to connect the all of CA certificates in the signing chain for certificate SITECERT.TN3270 or specify 'CACHAIN' on the TN3270E.RING Keyring.
The 'CACHAIN' does the following:

CACHAIN|NOCACHAIN

For each certificate connected to the KEYRING with USAGE PERSONAL automatically include the chain of CA signing certificates on the KEYRING. To qualify for inclusion, the CA signing certificates must be trusted CERTAUTH certificates. The CA signing certificates do not need to be connected if CACHAIN is specified.

You can add 'CACHAIN' to the Keyring as follows from TSO ACF.

ACF
SET PROFILE(USER) DIV(KEYRING)
CHANGE TN3270E.RING CACHAIN

Feedback

thumb_up Yes

thumb_down No