Adding personal certificates to a key repository
After the Certification Authority sends you a new personal certificate, add it to the key ring using the following procedure:
- Add the certificate to the RACF database using the following command:
RACDCERT ID(userid2) ADD(input-data-set-name) WITHLABEL('label-name')- Connect the certificate to your key ring using the following command:
RACDCERT ID(userid1) CONNECT(ID(userid2) LABEL('label-name') RING(ring-name) USAGE(PERSONAL))where:
- userid1 is the user ID of the channel initiator address space or owner of the shared key ring.
- userid2 is the user ID associated with the certificate.
- ring-name is the name you gave the key ring in Set up a key repository.
- input-data-set-name is the name of the data set containing the CA signed certificate. The data set must be cataloged and must not be a PDS or a member of a PDS. The record format (RECFM) expected by RACDCERT is VB. RACDCERT dynamically allocates and opens the data set, and reads the certificate from it as binary data.
- label-name is the label name that was used when you created the original request. It must be in the correct WebSphere MQ format for a queue manager: ibmWebSphereMQ followed by the name of your queue manager, for example, ibmWebSphereMQCSQ1.
Parent topic:
Working with the Secure Sockets Layer (SSL) on z/OS
sy12570_