Steps for migrating an existing key database to a RACF key ring
The IKE daemon and NSS server require the ability to retrieve digital certificates associated with a particular identity from a RACF® key ring, and to perform operations with the associated private key.
Before you begin
Procedure
Perform the following steps to migrate keys and certificates that are stored in an existing z/OS® key database into a RACF key ring:
1. Using gskkyman, export the certificate and private key to a password-protected PKCS#12 file. For details on copying a certificate with its private key, see z/OS Cryptographic Services System SSL Programming.
2. Copy the newly created PKCS#12 file to an MVS™ data set.
3. Use the RACDCERT command with the ADD operand to define a certificate and private key. The data set that was created in step 2 contains the certificate.
4. Use the RACDCERT command with the ADDRING operand to create a new key ring in RACF.
5. Use the RACDCERT command with the CONNECT operand to add the certificate and private key to one or more existing RACF key rings.
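
The copy and RACDCERT steps above as a TSO command sequence, ending with a listing to check the result. This is an added example, not part of the original procedure: the user ID IKED, the ring name IKEDRING, the label, the file path, the data set name, the password and the use of OGET for the copy are all assumptions to be replaced with local values.

```tso
/* Added example. IKED, IKEDRING, 'IKE Cert', the path, the data  */
/* set name and the password are placeholders (assumptions).      */

/* Copy the exported PKCS#12 file to an MVS data set, unconverted */
OGET '/u/iked/ikecert.p12' 'IKED.MIGRATE.P12' BINARY

/* Define the certificate and its private key to RACF             */
RACDCERT ID(IKED) ADD('IKED.MIGRATE.P12') WITHLABEL('IKE Cert') PASSWORD('p12-password') TRUST

/* Create a new key ring owned by the same user ID                */
RACDCERT ID(IKED) ADDRING(IKEDRING)

/* Connect the certificate and private key to the ring            */
RACDCERT ID(IKED) CONNECT(ID(IKED) LABEL('IKE Cert') RING(IKEDRING) USAGE(PERSONAL) DEFAULT)

/* Needed only if the DIGTCERT and DIGTRING classes are RACLISTed */
SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH

/* Check: the certificate should show a private key and the ring  */
/* should list the certificate with PERSONAL usage                */
RACDCERT ID(IKED) LIST(LABEL('IKE Cert'))
RACDCERT ID(IKED) LISTRING(IKEDRING)
```

The PKCS#12 file and the data set both contain the private key, so delete them once the listing confirms that the certificate and key are in RACF.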