Creating a self-signed personal certificate on z/OS
Use this procedure to create a self-signed personal certificate.
- Generate a certificate and a public and private key pair using the following command:
RACDCERT ID(userid2) GENCERT SUBJECTSDN(CN('common-name') T('title') OU('organizational-unit') O('organization') L('locality') SP('state-or-province') C('country')) WITHLABEL('label-name')
- Connect the certificate to your key ring using the following command:
RACDCERT ID(userid1) CONNECT(ID(userid2) LABEL('label-name') RING(ring-name) USAGE(PERSONAL))
- userid1 is the user ID of the channel initiator address space or owner of the shared key ring.
- userid2 is the user ID associated with the certificate and must be the user ID of the channel initiator address space.
userid1 and userid2 can be the same ID.
- ring-name is the name you gave the key ring in Setting up a key repository on z/OS.
- label-name must be either the value of the IBM® MQ CERTLABL attribute, if it is set, or the default
ibmWebSphere®MQ
with the name of the queue manager appended. See Digital certificate labels for details.