Requesting a personal certificate on z/OS

Apply for a personal certificate using RACF®.

To apply for a personal certificate, use RACF as follows:

Create a self-signed personal certificate, as in Creating a self-signed personal certificate on z/OS. This certificate provides the request with the attribute values for the Distinguished Name.
Create a PKCS #10 Base64-encoded certificate request written to a data set, using the following command:
```
RACDCERT ID(userid2) GENREQ(LABEL(' label_name ')) DSN(' output_data_set_name ')
```
where
- userid2 is the user ID associated with the certificate and must be the user ID of the channel initiator address space
- label_name is the label used when creating the self-signed certificate
See Digital certificate labels, understanding the requirements for details.
Send the data set to a Certificate Authority (CA) to request a new personal certificate.
When the signed certificate is returned to you by the Certificate Authority, add the certificate back into the RACF database, using the original label, as described in Adding personal certificates to a key repository on z/OS.