Adding personal certificates to a key repository on z/OS
Use this procedure to add or import a personal certificate to a key ring.
After the certificate authority sends you a new personal certificate, add it to the key ring
using the following procedure:
- Add the certificate to the RACF® database using the following command:
  RACDCERT ID(userid2) ADD(input-data-set-name) WITHLABEL('label-name')
- Connect the certificate to your key ring using the following command:
  RACDCERT ID(userid1) CONNECT(ID(userid2) LABEL('label-name') RING(ring-name) USAGE(PERSONAL))
where:
- userid1 is the user ID of the channel initiator address space or owner of the shared key ring.
- userid2 is the user ID associated with the certificate and must be the user ID of the channel initiator address space.
- ring-name is the name you gave the key ring in Setting up a key repository on z/OS.
- input-data-set-name is the name of the data set containing the CA signed certificate. The data set must be cataloged and must not be a PDS or a member of a PDS. The record format (RECFM) expected by RACDCERT is VB. RACDCERT dynamically allocates and opens the data set, and reads the certificate from it as binary data.
- label-name is the label name that was used when you created the original request. It must be either the value of the IBM® MQ CERTLABL attribute, if it is set, or the default ibmWebSphereMQ with the name of the queue manager or queue sharing group appended. See Digital certificate labels for details.
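
The following worked sequence is an added example, not part of the original procedure. It assumes a queue manager named QM1 with no CERTLABL set, a channel initiator user ID CHINUSR that also owns the key ring (so userid1 and userid2 are the same), a key ring named MQRING, and a sequential VB data set CHINUSR.QM1.CERT; all of these names are constructed. The last two commands are read-only checks that the certificate was added and connected as intended.

```tso
/* Added example: CHINUSR, MQRING, QM1 and the data set name are constructed values */

/* Step 1: add the CA-signed certificate under the default label for QM1 */
RACDCERT ID(CHINUSR) ADD('CHINUSR.QM1.CERT') WITHLABEL('ibmWebSphereMQQM1')

/* Step 2: connect it to the key ring as a personal certificate */
RACDCERT ID(CHINUSR) CONNECT(ID(CHINUSR) LABEL('ibmWebSphereMQQM1') RING(MQRING) USAGE(PERSONAL))

/* Check 1: display the certificate; confirm the label, owner and validity dates */
RACDCERT ID(CHINUSR) LIST(LABEL('ibmWebSphereMQQM1'))

/* Check 2: display the ring; the label should be listed with owner ID(CHINUSR) and usage PERSONAL */
RACDCERT ID(CHINUSR) LISTRING(MQRING)
```

Certificate labels are case-sensitive, so the value in WITHLABEL and LABEL must match the label on the original request exactly.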