Define E2EAdapterCA
Procedure
- Create a RACF keyring for the E2E adapter to use as its keystore.
    RACDCERT ID(E2EUSER) ADDRING(E2EAdapterKeyring)
- Create a self-signed RSA key pair to act as a Certificate Authority (CA) certificate. A key
  pair consists of a public and a private key. "E2EAdapterCA" is the label or alias of the
  certificate.
    RACDCERT GENCERT CERTAUTH SUBJECTSDN(CN('CA for E2EAdapter') O('IBM') OU('E2EAdapter') C('US')) SIZE(2048) WITHLABEL('E2EAdapterCA') NOTAFTER(DATE(2029-12-31))
- Connect the CA certificate to the keyring.
    RACDCERT ID(E2EUSER) CONNECT(RING(E2EAdapterKeyring) LABEL('E2EAdapterCA') CERTAUTH)
- Create a personal certificate, signed by the CA certificate "E2EAdapterCA". Create an RSA key
  pair for the E2E adapter server signed by the CA certificate. The common name (CN) value is
  typically the host name of the z/OS LPAR that hosts the E2E adapter. "E2EAdapterServerCert" is the
  alias of the personal certificate of the E2E adapter.
    RACDCERT ID(E2EUSER) GENCERT SUBJECTSDN(CN('myServer.host.com') O('IBM') OU('E2EAdapter') C('US')) SIZE(2048) SIGNWITH(CERTAUTH LABEL('E2EAdapterCA')) WITHLABEL('E2EAdapterServerCert') NOTAFTER(DATE(2029-12-31))
- Connect the personal certificate to the keyring.
    RACDCERT ID(E2EUSER) CONNECT(RING(E2EAdapterKeyring) LABEL('E2EAdapterServerCert'))
- Verify that the keyring and certificates were created correctly.
    RACDCERT ID(E2EUSER) LISTRING(E2EAdapterKeyring)
    RACDCERT CERTAUTH LIST(LABEL('E2EAdapterCA'))
    RACDCERT ID(E2EUSER) LIST(LABEL('E2EAdapterServerCert'))
  The following screen capture shows the LISTRING response:
    Ring:
         >E2EAdapterKeyring<
    Certificate Label Name             Cert Owner     Usage      Default
    --------------------------------   ------------   --------   -------
    E2EAdapterCA                       CERTAUTH       CERTAUTH     NO
    E2EAdapterServerCert               ID(E2EUSER)    PERSONAL     NO
- Activate the RACF definition.
    SETROPTS RACLIST(DIGTCERT) REFRESH
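
A check for the verification step above, added here as an example and not part of the original documentation: it parses captured RACDCERT LISTRING output and compares the ring contents with the labels, owners and usages this procedure creates. It assumes the output has been saved as text in the column layout of the screen capture; the names parse_listring and check_ring and the sample text are constructed for illustration.

```python
import re

# One ring entry: label (may contain spaces), owner, usage, default flag.
ROW = re.compile(
    r"^\s*(?P<label>.+?)\s+(?P<owner>ID\([^)]+\)|CERTAUTH|SITE)"
    r"\s+(?P<usage>PERSONAL|CERTAUTH|SITE)\s+(?P<default>YES|NO)\s*$")
# Expected ring contents, taken from the steps on this page.
EXPECTED = {"E2EAdapterCA": ("CERTAUTH", "CERTAUTH"),
            "E2EAdapterServerCert": ("ID(E2EUSER)", "PERSONAL")}

def parse_listring(text):
    """Return {ring: {label: (owner, usage)}} from captured LISTRING output."""
    rings, current = {}, None
    for line in text.splitlines():
        ring, row = re.search(r">(\S.*?)<\s*$", line), ROW.match(line)
        if ring:
            current = rings.setdefault(ring.group(1), {})
        elif row and current is not None:
            current[row["label"]] = (row["owner"], row["usage"])
    return rings

def check_ring(text, ring="E2EAdapterKeyring", expected=EXPECTED):
    """Return a list of findings; an empty list means the ring matches."""
    entries = parse_listring(text).get(ring)
    if entries is None:
        return [f"ring {ring} not found"]
    findings = []
    for label, want in expected.items():
        got = entries.get(label)
        if got is None:
            findings.append(f"missing: {label}")
        elif got != want:
            findings.append(f"mismatch: {label} is {got}, expected {want}")
    # Anything else connected to the ring is reported for review.
    findings += [f"unexpected: {name} {val}"
                 for name, val in entries.items() if name not in expected]
    return findings

# Constructed sample, modelled on the screen capture on this page.
SAMPLE = """\
Ring:
     >E2EAdapterKeyring<
Certificate Label Name             Cert Owner     USAGE      DEFAULT
--------------------------------   ------------   --------   -------
E2EAdapterCA                       CERTAUTH       CERTAUTH     NO
E2EAdapterServerCert               ID(E2EUSER)    PERSONAL     NO
"""

if __name__ == "__main__":
    print(check_ring(SAMPLE) or "ring contents match the procedure")
```

An unexpected entry with CERTAUTH usage deserves attention first, because every CA certificate connected to the ring is one the adapter will trust.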