Creating a client certificate

1. Select Option 4 – Create New Certificate Requests.
2. Select one of the certificate types, such as 1 – CA with 1024 RSA key.
3. Enter a request file name, such as Client.arm.
4. Enter certificate information:
   a. Common name, such as Client Certificate
   b. Organization Unit, such as BlueZone Software
6. Sign the request by issuing: gskkyman -g -x 360 -cr Client.arm -ct Client.cer -k yourkey.kdb -l SigningCA
7. Enter the yourkey.kdb password.
9. Select Option 2 – Open Database.
12. Option 5 – Receive Requested Certificate
13. Enter the name of the certificate: Client.cer
14. Option 1 – Manage Keys and Certificates
16. Option 7 – Export Certificate and Key or Option 6 – No Key
17. Option 3 or 4 PKCS #12 version 3 (if option 6 it will be PKCS #7)
20. Enter 0 for export encryption.
22. FTP the p12 file to the PC using Binary if option 3 was used to export, or ASCII if option 4 was used.
23. Open a browser such as IE:
   a. Click Tools->Internet Options.
   f. Select the file that was FTP'ed to the PC.
   h. Enter the certificate password and select the Mark this key as exportable check box.
   j. Place in Personal store.
24. In BlueZone, open the Configuration dialog:
   a. On the menu bar, select Session:Configure:Configure.
   b. Select the Security tab and select the Enable Secure Sockets Layer check box.
   d. Select the Certificate tab and select Client Certificate in Disk File.
   e. Browse and select the Client.p12 file.
25. FTP Client.p12 back as an MVS dataset.
26. Go back to the mainframe.
27. Go to ISPF 6 to enter a TSO command.
28. Enter the RACF command: RACDCERT ID(USERID) ADD('USERID.CLIENT.P12') TRUST WITHLABEL('Client') PASSWORD('xxxxxxxx')
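A check to run on the PC after step 22, before importing the file (an added example, not part of the original procedure): it opens the binary PKCS #12 export with OpenSSL, prints the subject and expiry date, and fails if the RSA key is shorter than a chosen minimum. It assumes OpenSSL is installed and the export was binary (option 3); the function names, the P12_PASS variable and the 2048-bit threshold are assumptions of this example, and make_sample_p12 only builds constructed test input.

```shell
#!/bin/sh
# Added example: inspect a binary PKCS #12 export before importing it.
# The password is read from the P12_PASS environment variable so that it
# does not appear on the command line or in the process list.

# check_p12 FILE MIN_BITS
# Returns 0 = ok, 1 = key shorter than MIN_BITS, 2 = cannot open, 3 = expired.
check_p12() {
    file=$1; min_bits=$2
    # Extract only the client certificate; a wrong password fails here.
    cert=$(openssl pkcs12 -in "$file" -passin env:P12_PASS \
               -nokeys -clcerts 2>/dev/null) || return 2
    # "Public-Key: (N bit)" appears in the text dump of OpenSSL 1.1 and 3.x.
    bits=$(printf '%s\n' "$cert" | openssl x509 -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
    echo "key size: ${bits:-unknown} bits"
    # -checkend 0 exits non-zero when the certificate has already expired.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null || return 3
    [ "${bits:-0}" -ge "$min_bits" ] || return 1
    return 0
}

# make_sample_p12 OUTFILE BITS
# Constructed test input standing in for Client.p12 (self-signed, 360 days).
make_sample_p12() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey "rsa:$2" -nodes -days 360 \
        -subj "/OU=BlueZone Software/CN=Client Certificate" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
        -name Client -passout env:P12_PASS -out "$1"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Export P12_PASS with the certificate password, then run check_p12 Client.p12 2048. A certificate created with the 1024 RSA option in step 2 makes the function return 1.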