RACF changes

Add Root certificate - if not already available:

RACDCERT CERTAUTH ADD('your CA dataset name') TRUST -  withlabel(''your CA label' ')

Add Server certificate, if not already available:

RACDCERT ID(TN3270) ADD('your datasetname') TRUST -  WITHLABEL('your label') PASSWORD('password')

Create RACF keyring:

RACDCERT ID(TN3270) ADDRING('your RACF keyring name')

Add certificates to the keyring:

RACDCERT ID(TN3270) CONNECT(CERTAUTH) - LABEL('your CA label')  RING('your RACF keyring name')  -USAGE(CERTAUTH))

RACDCERT ID(TN3270) CONNECT(ID(TN3270)  - LABEL('your label') -RING('your RACF keyring name') DEFAULT USAGE(PERSONAL))

For testing, a self-signed client certificate has been created:

RACDCERT ID('RACF userid') -    

GENCERT -                              

SUBJECTSDN(CN('Name of User') -           

		O('Name of Organization') -      

		C('US'))                    -      

WITHLABEL('BlueZone Client for Username') - 

SIGNWITH(CERTAUTH LABEL(''your CA label'))

RACDCERT EXPORT(LABEL('BlueZone Client for Name of User')) - 

ID('RACF userid') -          

DSN('your dataset name') -            

PASSWORD('client password') -     

FORMAT(PKCS12DER)

This data set is then sent using FTP to the user's machine and imported into their personal certificate store.