z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Scenario 3: Migrating an ikeyman or gskkyman certificate

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

The installation needs to migrate their existing certificates on z/OS. These certificates were created with the ikeyman or gskkyman utility and reside in the z/OS UNIX file system. The steps to migrate these certificates are:

  1. Using ikeyman or gskkyman, export the certificate from the ikeyman or gskkyman key database file as a PKCS #12 export file and place it into the z/OS UNIX file system.
    Note: RACF® is not involved with this step.
  2. Export the file to an MVS™ data set, in this case MARKN.IMPORTED.CERT.
    OGET '/u/markn/cert.usercert' 'MARKN.IMPORTED.CERT' BINARY
  3. Add the certificate to the RACF database and assign it a user. Assume that ikeyman or gskkyman encrypted the certificate with the password xyz.
    RACDCERT ID(MARKN)
         ADD('MARKN.IMPORTED.CERT')
         WITHLABEL('Mark''s Personal Certificate')
         TRUST
         PASSWORD('xyz')
Now you can use the certificate on z/OS® as desired.

Important: Delete the ikeyman or gskkyman copy of the certificate so that the private key cannot be used inadvertently.

Parent topic: Implementation scenarios

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014