Building a key ring manually
In CICS®, the required server certificate and related information about certificate authorities are held in a key ring in the RACF® database. The key ring contains your system's private and public key pair, together with your server certificate and the certificates for all the certificate authorities that might have signed the certificates you receive from your clients.
Before you begin
To create a key ring you must have UPDATE authority to the IRR.DIGTCERT.ADDRING resource in the FACILITY class.
- The CICS regions share the same user ID that owns the key ring.
- If the region user ID does not own the key ring, grant that region user ID authority to access the key ring.
About this task
The RACDCERT command installs and maintains public key infrastructure (PKI) private keys and certificates in RACF. You can either manually issue the RACDCERT command to create a new key ring or you can use the DFH$RING sample program, see Building a key ring with certificates using DFH$RING.
To create a key ring manually, follow these steps:
Procedure
RACDCERT ID(cics-region-userid) ADDRING(ringname)
The
key ring must be associated with the CICS region user ID.