Creating a client certificate
1. Select Option 4 – Create New Certificate Requests.
2. Select one of the certificate types, such as 1 – CA with 1024 RSA key
3. Enter a request file name, such as Client.arm
4. Enter certificate information:
a. Common name, such as Client Certificate
b. Organization Unit, such as BlueZone Software
c. Organization, such as PD
d. City
e. State
f. Country
5. Exit gskkyman
6. Sign the request by issuing:
gskkyman -g -x 360 -cr Client.arm -ct Client.cer -k yourkey.kdb -l SigningCA
7. Enter yourkey.kdb password
8. Start gskkyman
9. Select Option 2 – Open Database
10. Enter the database name: yourkey.kdb
11. Enter password
12. Select Option 5 – Receive Requested Certificate
13. Enter the name of the certificate: Client.cer
14. Select Option 1 – Manage Keys and Certificates
15. Select Client
16. Select Option 7 – Export Certificate and Key or Option 6 – No Key
17. Select Option 3 or 4, PKCS #12 version 3 (if Option 6 was chosen, it will be PKCS #7)
18. File name Client.p12
19. Enter password twice
20. Enter 0 for export encryption
21. Change to your PC
22. FTP the p12 file to the PC using Binary if option 3 was used to export or ASCII if option 4 was used.
23. Open a browser like IE:
a. Click Tools->Internet Options.
b. Contents tab
c. Certificates button
d. Import…
e. Next
f. Select file that was FTP'ed to the PC
g. Next
h. Enter the certificate password and select the Mark this key as exportable check box.
i. Next
j. Place in Personal store
k. Next
l. Finish
24. In BlueZone, open the Configuration dialog:
a. On the menu bar select Session:Configure:Configure
b. Select the Security tab and select the Enable Secure Sockets Layer check box
c. Select SSL v3
d. Select the Certificate tab and select Client Certificate in Disk File
e. Browse and select Client.p12 file
25. FTP Client.p12 back as an MVS dataset
26. Go back to the mainframe
27. Go to ISPF 6 to enter a TSO command
28. Enter the RACF command:
RACDCERT ID(USERID) ADD('USERID.CLIENT.P12') TRUST WITHLABEL('Client') PASSWORD('xxxxxxxx')
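
A check for the file transfer in step 22, run on the PC before the import in step 23. This is an added example, not part of the original procedure or of any BlueZone or IBM tooling. It assumes the exported file is a single definite-length DER SEQUENCE (option 3) or the Base64 text of one (option 4), and that the Base64 text is EBCDIC on the mainframe; the function names and sample bytes are constructed for illustration.

```python
import base64

def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one definite-length DER SEQUENCE (tag 0x30)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short-form length
        header, length = 2, data[1]
    else:                                   # long form: next n bytes hold the length
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)     # truncation or padding fails here

def _base64_is_der(text: str) -> bool:
    # Drop "-----BEGIN/END-----" armor lines if present, then decode strictly.
    body = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    try:
        return der_sequence_ok(base64.b64decode(body, validate=True))
    except ValueError:                      # also covers binascii.Error
        return False

def classify_export(data: bytes) -> str:
    """Return 'binary-der', 'base64', 'base64-ebcdic' or 'damaged'."""
    if der_sequence_ok(data):
        return "binary-der"                 # option 3 export, Binary transfer
    try:
        if _base64_is_der(data.decode("ascii")):
            return "base64"                 # option 4 export, ASCII transfer
    except UnicodeDecodeError:
        pass
    if _base64_is_der(data.decode("cp037")):
        return "base64-ebcdic"              # option 4 export sent in Binary mode
    return "damaged"                        # e.g. option 3 export sent in ASCII mode

# Constructed sample: a 260-byte stand-in with a valid outer SEQUENCE header.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER)

if __name__ == "__main__":
    print(classify_export(SAMPLE_DER))
    print(classify_export(SAMPLE_B64))
    print(classify_export(SAMPLE_B64.decode("ascii").encode("cp037")))
    print(classify_export(SAMPLE_DER.decode("cp037").encode("latin-1")))
```

A result of base64-ebcdic or damaged means the transfer mode did not match the export option, and the file should be transferred again before it is imported.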