Adding personal certificates to a key repository

 

After the Certification Authority sends you a new personal certificate, add it to the key ring using the following procedure:

1. Add the certificate to the RACF database using the following command:

   RACDCERT ID(userid2) ADD(input-data-set-name) WITHLABEL('label-name')

2. Connect the certificate to your key ring using the following command:

   RACDCERT ID(userid1)
   CONNECT(ID(userid2) LABEL('label-name') RING(ring-name) USAGE(PERSONAL))

where:

• userid1 is the user ID of the channel initiator address space or owner of the shared key ring.

• userid2 is the user ID associated with the certificate.

• ring-name is the name you gave the key ring in Set up a key repository.

• input-data-set-name is the name of the data set containing the CA signed certificate. The data set must be cataloged and must not be a PDS or a member of a PDS. The record format (RECFM) expected by RACDCERT is VB. RACDCERT dynamically allocates and opens the data set, and reads the certificate from it as binary data.

• label-name is the label name that was used when you created the original request. It must be in the correct WebSphere MQ format for a queue manager: ibmWebSphereMQ followed by the name of your queue manager, for example, ibmWebSphereMQCSQ1.

 

Parent topic:

Working with the Secure Sockets Layer (SSL) on z/OS

sy12570_