Perform the following steps to begin using a supplied certificate-authority
certificate.
For additional steps to begin using the STG Code-Signing Certificate Authority, see Steps for preparing RACF to verify signed programs (one-time setup).
- Determine which of the supplied certificates you want to use.
You
can issue the following command to view the current certificate information
listing for all certificate-authority certificates on your system,
or see Listings of RACF supplied certificates for a listing of each supplied
certificate.
Example:
RACDCERT CERTAUTH LIST
______________________________________________________________________
- Modify each certificate to add the TRUST attribute.
Example:
RACDCERT CERTAUTH ALTER(LABEL('Verisign Class 3 Primary CA')) TRUST
______________________________________________________________________
- Add a key ring for your server application, such as your Web server.
Example:
RACDCERT ADDRING(SSLring) ID(WEBSRV)
______________________________________________________________________
- Add each of your selected certificates to the key ring.
Example:
RACDCERT ID(WEBSRV) CONNECT(CERTAUTH LABEL('Verisign Class 3 Primary CA')
RING(CARING)
Repeat this step for each certificate you
want your server to accept.
______________________________________________________________________
- Unless already done, generate or acquire a certificate and private
key for your server. Certificates can be generated using a product
such as z/OS Security Server PKI Services, or by RACF® using the RACDCERT GENCERT
command.
______________________________________________________________________