Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Adding the user certificate to your RACF data base SMP/E for z/OS User's Guide SA23-2277-01 |
|
A user certificate is used by the SMP/E RECEIVE ORDER command to
uniquely identify you to the IBM® Automated
Delivery Request server. As described previously, the user certificate
was generated for you by ShopzSeries, downloaded to your workstation,
transferred to your z/OS® system
as binary data, and stored as a sequential data set. From the sequential
data set, the certificate can be stored in the RACF® data base using the following RACF command:
where certificate-owner is the user
ID that you choose to own the certificate, user.certificate.dataset.name is
the data set name used to store the PKCS12 certificate package obtained
from ShopzSeries, SMPE Client Certificate is
the label you choose to identify this certificate (32 characters or
less), and pass phrase is the encryption
pass phrase you specify when generating the PKCS12 certificate package
on ShopzSeries. Note: After you issue the preceding RACDCERT command, RACF should return this message: "certificate
authority not defined to RACF. Certificate added with TRUST status." This
is the expected response and is acceptable.
After you add the certificate to the RACF data
base, you must connect it to the key ring:
where SMPE
Client Certificate is the label you choose in the previous
step to identify this certificate, keyringname is
the name of the key ring you choose in Creating key rings, and ring-owner is the user
ID that created the key ring.Note: To enable the user certificate to be easily shared by other
user IDs without requiring unnecessarily high levels of access for
those other user IDs, the user certificate must be connected to the
key ring as a certificate authority (CA) certificate (USAGE of CERTAUTH).
This allows the user certificate to be shared without requiring other
user IDs to access the certificate’s associated private key.
|
Copyright IBM Corporation 1990, 2014
|