Ok, I'm back to certificates. As an almost-completely clueless noob I created two certificates for our upgraded Telnet server, and they've gotten it to work. Now I have to copy those certificates to other LPARs so the same Telnet emulators can connect to those LPARs also. I thought it would be simple: export the two certificates (one CERTSITE and one CERTAUTH), import them into the other LPARs, hook them up to keyrings there. Done.
Apparently it's not that simple, and I'm a little tired of charging my client for the time I need to guddle around in the documentation looking for explanations. Can anyone advise me?
I've exported the two certificates to a dataset in a PKCS12 packet, and CHKCERT seems to see it correctly. Apparently the DIGICERT name is not copied during the EXPORT, nor USAGE, nor the TRUST setting; those I suppose I must supply when doing the ADD command. I'll try it, at least. But when I attempt an ADD command, it names the CERTAUTH cert "AUTOnnnn"; I didn't expect that. Don't I need to rename it before it can be used, or does the client app not care? Maybe it cares only about the distinguished names? I'm sort of floundering here. Eager to learn, though.