Requesting a personal certificate

 

To apply for a personal certificate, use RACF as follows:

1. Create a self-signed personal certificate, as in Creating a self-signed personal certificate. This certificate provides the request with the attribute values for the Distinguished Name.

2. Create a PKCS #10 Base64-encoded certificate request written to a data set, using the following command:

   RACDCERT ID(userid2) GENREQ(LABEL('label-name')) DSN(output-data-set-name)

   where label-name is the label used when creating the self-signed certificate, and userid2 is the user ID associated with the certificate.

3. Send the data set to a Certification Authority (CA) to request a new personal certificate.

4. When the signed certificate is returned to you by the Certification Authority, we need to add the certificate back into the RACF database, using the original label, as described in Adding personal certificates to a key repository.

 

Parent topic:

Obtaining personal certificates

sy12550_