Obtaining a user certificate

Before you can use the RECEIVE ORDER command, you must register to use IBM®’s server and obtain a certificate that identifies you to the server. You must use ShopzSeries to register, and the registration process generates a user certificate for you. Certificates have an expiration date and you will need to obtain a certificate once per year. A single certificate that is generated for you can be used for many PTF and HOLDDATA orders, and SMP/E will notify you when the certificate is about to expire and you need to obtain a new one. See IBM Software Shopz.

  1. If you are not yet a ShopzSeries user, register to become one.
  2. If you are, or have become a registered ShopzSeries user, logon and create a new order.
  3. Select z/OS Service and then "Service certificate" in the drop down list.
  4. On the next screen, select the "Certificate type," either a certificate with a 1024-bit RSA key, or a certificate with a 2048-bit RSA key, and then enter an encryption pass phrase. ShopzSeries uses this pass phrase to encrypt the PKCS12 package that contains your certificate and its associated private key. Remember this pass phrase because you will need to specify it again later when decrypting the package.
    Note: A PKCS12 package contains both a certificate and the associated private key of the certificate. Because a private key is sensitive and considered secret, the package must be encrypted to protect it. To encrypt the package, a one-time encryption key must be used. That encryption key is also known as the pass phrase. You specify a pass phrase (any phrase you will remember) in ShopzSeries when you request a certificate to be generated for you.
  5. Download to your workstation the generated PKCS12 certificate file as directed by ShopzSeries.

After downloading the certificate file to your workstation, you need to upload it to your z/OS® system and add the certificate to your security product data base. SMP/E obtains the certificate from your security product data base and uses it during communications with IBM’s Automated Delivery Request server.