Creating a RACF key ring for use with Db2 Data Gate
Create a key ring in RACF to store both the signer certificate and the server certificate.
About this task
The same key ring can be used by multiple Db2 subsystems, provided that all subsystems use the same user ID for the DDF started task. If access by different user IDs is required, then access must be managed correctly by RACF® methods.
Procedure
Add RACF commands to a JCL job, as shown in the following example, to create a key ring in RACF and store the certificates.
Tip: Make the user ID that runs the DDF started task the owner of the key ring. This way, you can omit a number of access authorizations.
Use the following example as a reference:
RACDCERT ID(DB2USER) ADDRING(DB2AKEYRING)
RACDCERT ID(DB2USER) -
  CONNECT(CERTAUTH -
  LABEL('DB2 SERVER CA') RING(DB2AKEYRING))
RACDCERT ID(DB2USER) -
  CONNECT(ID(DB2USER) -
  LABEL('DB2ASERVER CERTIFICATE') -
  RING(DB2AKEYRING) DEFAULT)
SETR RACLIST (DIGTRING) REFRESH
SETR RACLIST (DIGTCERT) REFRESH
SETR RACLIST (FACILITY) REFRESH
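The commands above wrapped in a batch TSO job, with a closing LISTRING step to confirm what ended up on the ring. This is an added example, not part of the original documentation: the job name, job card values (ACCT, CLASS, MSGCLASS) and the step name are placeholders, and the job assumes that both certificates already exist in RACF under the labels shown.

```jcl
//DGKEYRNG JOB (ACCT),'DATA GATE KEY RING',CLASS=A,MSGCLASS=X,
//         NOTIFY=&SYSUID
//*
//* Added example. Job card values are placeholders; use your
//* site standards. The submitting user ID needs RACF authority
//* to issue RACDCERT for DB2USER and to issue SETROPTS.
//*
//* IKJEFT01 is the batch TSO terminal monitor program. It reads
//* the commands from SYSTSIN and writes the output to SYSTSPRT.
//* No JCL comment cards may appear inside the SYSTSIN data,
//* because any // card ends the in-stream data.
//*
//* Command sequence:
//*   1. Create the key ring owned by DB2USER.
//*   2. Connect the signer (CERTAUTH) certificate.
//*   3. Connect the server certificate as the ring default.
//*   4. Refresh the RACLISTed classes.
//*   5. List the ring so the job output records the result.
//*
//RACFCMD  EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RACDCERT ID(DB2USER) ADDRING(DB2AKEYRING)
  RACDCERT ID(DB2USER) -
    CONNECT(CERTAUTH -
    LABEL('DB2 SERVER CA') RING(DB2AKEYRING))
  RACDCERT ID(DB2USER) -
    CONNECT(ID(DB2USER) -
    LABEL('DB2ASERVER CERTIFICATE') -
    RING(DB2AKEYRING) DEFAULT)
  SETR RACLIST (DIGTRING) REFRESH
  SETR RACLIST (DIGTCERT) REFRESH
  SETR RACLIST (FACILITY) REFRESH
  RACDCERT ID(DB2USER) LISTRING(DB2AKEYRING)
/*
```

In the SYSTSPRT output, check that the LISTRING report shows both labels on DB2AKEYRING and that only the server certificate is marked as the default.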