Chapter 5. Operations
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------------- ------------ -------- -------
RRSF CERTAUTH CERT1 CERTAUTH CERTAUTH NO
SC75 OK RRSF SERVER CERT ID(RACF) PERSONAL YES
______________________________________________________________________________
RACDCERT ID(RACF) LIST
Digital certificate information for user RACF:
Label: SC75 OK RRSF SERVER CERTKR
Certificate ID: 2QTZwcPG4sP39UDW0kDZ2eLGQOLF2eXF2UDDxdnj0tlA
Status: TRUST
...
Private Key: NO
Ring Associations:
*** No rings associated ***
Label: SC75 OK RRSF SERVER CERT
Certificate ID: 2QTZwcPG4sP39UDW0kDZ2eLGQOLF2eXF2UDDxdnj
Status: TRUST
Start Date: 2012/05/22 00:00:00
End Date: 2013/05/22 23:59:59
Ring Associations:
Ring Owner: RACF
Ring:
>IRR.RRSF.KEYRING<
The old certificate is still defined, but is no longer connected to the server keyring. The new
certificate is now active and connected to the keyring.
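The state described above (an old certificate still defined but unconnected, and a new one connected to the keyring) can be checked mechanically from a saved listing. The following Python sketch is an added example, not part of the original text or of RACF. The function names parse_listing and review, the sample labels and dates, and the 30-day warning window are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample modelled on the RACDCERT LIST output above (labels and dates made up).
SAMPLE = """\
Digital certificate information for user RACF:
  Label: OLD SERVER CERT
  Status: TRUST
  End Date: 2012/06/30 23:59:59
  Ring Associations:
  *** No rings associated ***
  Label: NEW SERVER CERT
  Status: TRUST
  End Date: 2013/05/22 23:59:59
  Ring Associations:
    Ring Owner: RACF
    Ring:
       >IRR.RRSF.KEYRING<
"""

def parse_listing(text):
    """Return one dict per certificate in a RACDCERT LIST report."""
    certs, cur, want_ring = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Label:"):
            cur = {"label": line[6:].strip(), "end": None, "rings": []}
            certs.append(cur)
            want_ring = False
        elif cur is None:
            continue  # header lines before the first certificate
        elif line.startswith("End Date:"):
            cur["end"] = datetime.strptime(line[9:].strip(), "%Y/%m/%d %H:%M:%S")
        elif line == "Ring:":
            want_ring = True  # the ring name follows on the next line as >NAME<
        elif want_ring and line.startswith(">") and line.endswith("<"):
            cur["rings"].append(line[1:-1])
            want_ring = False
    return certs

def review(certs, now, warn_days=30):
    """Flag certificates that are unconnected, expired or near expiry."""
    findings = []
    for c in certs:
        if not c["rings"]:
            findings.append((c["label"], "not connected to any key ring"))
        if c["end"] and c["end"] < now:
            findings.append((c["label"], "expired"))
        elif c["end"] and c["end"] - now <= timedelta(days=warn_days):
            findings.append((c["label"], "expires within %d days" % warn_days))
    return findings
```

Calling review(parse_listing(SAMPLE), datetime(2013, 5, 1)) reports the old certificate as unconnected and expired, and the new one as expiring within 30 days.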
5.5.5 Considerations for CA certificate management
A certificate authority might need to be renewed for any of the following reasons:
Certificate authority validity periods
Change in the policy of the certificates issued by the CA
Expiration of the CA that issued the certificate
Every certificate issued by a CA has a validity period. This validity period is the time during which the
certificate can be accepted as an authoritative credential of the identity of the subject of the
certificate. This period assumes that the certificate is not revoked before the validity period
ends, and that the issuing CA is trusted. The primary purpose for the validity period is to limit
the time span in which a certificate might be compromised.
A CA is another entity that has been issued a certificate. That certificate is issued either by the
CA itself (root CA) or by a parent CA (subordinate CA). Every CA has a built-in expiration date that is determined by
the end of the validity period in its CA certificate. This date does not imply that the life of a CA
is equivalent to the validity period of its CA certificate. It implies that the CA cannot issue
certificates if it does not have a valid certificate of its own.