Creating client certificates

  1. Select Option 4 to create new certificate requests.
  2. Select one of the certificate types, for example, 1 – CA with 1024 RSA key.
  3. Enter a file name for the request, for example, Client.arm.
  4. Enter the certificate information:
    1. Common name, for example, Client Certificate
    2. Organization Unit, for example, Rocket Software
    3. Organization, for example, PD
    4. City
    5. State
    6. Country
  5. Exit gskkyman.
  6. Sign the request by issuing the following command:
    gskkyman -g -x 360 -cr Client.arm -ct Client.cer -k yourkey.kdb -l SigningCA
  7. Enter the yourkey.kdb password.
  8. Start gskkyman.
  9. Select Option 2 to open a database.
  10. Enter the database name: yourkey.kdb
  11. Enter the password.
  12. Select Option 5 to receive the requested certificate.
  13. Enter the name of the certificate file: Client.cer
  14. Select Option 1 to manage the keys and certificates.
  15. Select Client.
  16. Select Option 7 to export the certificate and key or Option 6 to export the certificate without a key.
  17. Select Option 3 or Option 4 for PKCS #12 version 3 (if you chose Option 6, the format is PKCS #7).
  18. Enter the file name: Client.p12.
  19. Enter the password twice.
  20. Enter 0 for export encryption.
  21. Switch to your PC.
  22. FTP the p12 file to the PC, using binary mode if Option 3 was used to export or ASCII mode if Option 4 was used.
  23. Open Internet Explorer:
    1. Click Tools > Internet Options.
    2. Select the Content tab.
    3. Click Certificates.
    4. Click Import.
    5. Click Next.
    6. Select the file that was FTPed to the PC.
    7. Click Next.
    8. Enter the certificate password and select the Mark this key as exportable check box.
    9. Click Next.
    10. Place the certificate in the personal store.
    11. Click Next.
    12. Click Finish.
  24. Open a BlueZone Display:
    1. Click Session > Configure.
    2. Click Properties.
    3. Select the Security tab and select the Enable Secure Sockets Layer check box.
    4. Select SSL v3.
    5. Select the Certificate tab and select the Client Certificate in Disk File radio button.
    6. Click Browse and select the Client.p12 file.
  25. FTP Client.p12 back as an MVS dataset.
  26. Go back to the Mainframe Display.
  27. Go to ISPF 6 to enter a TSO command.
  28. Enter the following RACF command:
    RACDCERT ID(USERID) ADD('USERID.CLIENT.P12') TRUST WITHLABEL('Client') PASSWORD('xxxxxxxx')
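
Step 22 depends on the FTP mode matching the export format, and a mismatch only shows up later as a failed import. The following check is an added example, not part of the original procedure or of any product tooling: it inspects the transferred file on the PC and reports whether it arrived intact. The function names are hypothetical, and it assumes that the Option 3 export is a single DER-encoded PKCS #12 structure and that cp037 approximates the host EBCDIC code page.

```python
import string

# Characters that may appear in a Base64 text export (armor lines included).
# "\x85" is what the EBCDIC newline 0x15 becomes when decoded with cp037.
B64_TEXT = set(string.ascii_letters + string.digits + "+/=- \r\n\x85")

def der_pfx_ok(data: bytes) -> bool:
    """True if data is one DER SEQUENCE filling the file and starting with INTEGER 3."""
    if len(data) < 5 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                       # short-form length
        hdr, length = 2, data[1]
    else:                                    # long-form length, 1 to 4 length bytes
        n = data[1] & 0x7F
        if not 1 <= n <= 4 or len(data) < 2 + n:
            return False
        hdr, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    # A PKCS #12 PFX structure opens with version INTEGER 3 (02 01 03).
    return hdr + length == len(data) and data[hdr:hdr + 3] == b"\x02\x01\x03"

def is_b64_text(data: bytes, encoding: str) -> bool:
    """True if data decodes with the given encoding to nothing but Base64 text."""
    try:
        text = data.decode(encoding)
    except UnicodeDecodeError:
        return False
    return bool(text.strip()) and set(text) <= B64_TEXT

def classify_transfer(data: bytes) -> str:
    """Classify a transferred export file by how it survived the FTP transfer."""
    if der_pfx_ok(data):
        return "binary-ok"                   # Option 3 export, sent in binary mode
    if is_b64_text(data, "ascii"):
        return "base64-ok"                   # Option 4 export, sent in ASCII mode
    if is_b64_text(data, "cp037"):           # cp037 is an assumed host code page
        return "base64-sent-as-binary"       # still EBCDIC: resend in ASCII mode
    return "corrupt-or-wrong-mode"           # e.g. binary export sent in ASCII mode

if __name__ == "__main__":
    # Constructed samples, not real key material.
    pfx = b"\x30\x82\x01\x2f\x02\x01\x03" + bytes(300)
    armored = "-----BEGIN CERTIFICATE-----\nTUlJ\n-----END CERTIFICATE-----\n"
    print(classify_transfer(pfx))
    print(classify_transfer(pfx.decode("cp037").encode("latin-1")))
    print(classify_transfer(armored.encode("ascii")))
    print(classify_transfer(armored.encode("cp037")))
```

A "binary-ok" or "base64-ok" result only confirms the outer encoding survived the transfer; the password and contents are still verified by the import in step 23.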