Creating a self-signed personal certificate on z/OS

Use this procedure to create a self-signed personal certificate.

  1. Generate a certificate and a public and private key pair using the following command:
    
    RACDCERT ID(userid2) GENCERT
    SUBJECTSDN(CN('common-name')
               T('title')
               OU('organizational-unit')
               O('organization')
               L('locality')
               SP('state-or-province')
               C('country'))
    WITHLABEL('label-name')
    
  2. Connect the certificate to your key ring using the following command:
    
    RACDCERT ID(userid1)
    CONNECT(ID(userid2) LABEL('label-name') RING(ring-name) USAGE(PERSONAL))
    
where:
  • userid1 is the user ID of the channel initiator address space or owner of the shared key ring.
  • userid2 is the user ID associated with the certificate and must be the user ID of the channel initiator address space.

    userid1 and userid2 can be the same ID.

  • ring-name is the name you gave the key ring in Setting up a key repository on z/OS.
  • label-name must be either the value of the IBM® MQ CERTLABL attribute, if it is set, or the default ibmWebSphere®MQ with the name of the queue manager appended. See Digital certificate labels for details.