Steps to begin using a supplied CA certificate

Perform the following steps to begin using a supplied certificate-authority certificate.

For additional steps to begin using the STG Code-Signing Certificate Authority, see Steps for preparing RACF to verify signed programs (one-time setup).

Determine which of the supplied certificates you want to use.
You can issue the following command to view the current certificate information listing for all certificate-authority certificates on your system, or see Listings of RACF supplied certificates for a listing of each supplied certificate.
Example:
```
RACDCERT CERTAUTH LIST
```
______________________________________________________________________
Modify each certificate to add the TRUST attribute.
Example:
```
RACDCERT CERTAUTH ALTER(LABEL('Verisign Class 3 Primary CA')) TRUST
```
______________________________________________________________________
Add a key ring for your server application, such as your Web server.
Example:
```
RACDCERT ADDRING(SSLring) ID(WEBSRV) 
```
______________________________________________________________________
Add each of your selected certificates to the key ring.
Example:
```
RACDCERT ID(WEBSRV) CONNECT(CERTAUTH LABEL('Verisign Class 3 Primary CA')
   RING(CARING)
```
Repeat this step for each certificate you want your server to accept.
______________________________________________________________________
Unless already done, generate or acquire a certificate and private key for your server. Certificates can be generated using a product such as z/OS Security Server PKI Services, or by RACF® using the RACDCERT GENCERT command.
______________________________________________________________________