Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

Creating a Personal Certificate on z/OS

Creating a Personal Certificate on z/OS

To create a personal or subject identification certificate use RACF or another facility such as ACF2 or TopSecret.
The following steps assume you are using RACF and that the RACF administrator has already created a suitable CA (site) certificate.
  1. Create a key ring.
  2. Create a personal certificate.
  3. Connect the personal certificate to the key ring.
  4. Connect the CA certificate to the key ring.
The following example illustrates these steps:
/* Create a Keyring for the application */ RACDCERT ID(MYUSERID) ADDRING(ATTLS_keyring) SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH /* Create a certificate for the Server application */ RACDCERT ID(MYUSERID) GENCERT - SUBJECTSDN ( - O('MyCompany') - CN('MYUSERID.mymachine.myorganization.com') - OU('myorganizationunit') - C('GB') - ) - WITHLABEL('MYUSERIDCert1')- SIGNWITH(CERTAUTH LABEL('LOCALCA')) SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH /* Connect the server certificate to the server’s keyring.*/ RACDCERT ID(MYUSERID) CONNECT(ID(MYUSERID) - LABEL('MYUSERIDCert1') – RING(ATTLS_keyring) – DEFAULT – USAGE(personal)) SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH /* Connect the CA certificate to the server's keyring */ RACDCERT ID(MYUSERID) CONNECT(CERTAUTH – LABEL('LOCALCA') – RING(ATTLS_keyring) - USAGE(certauth)) SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH

0 COMMENTS

We’d like to hear from you!