RACF changes

  • Add Root certificate, if not already available:
    RACDCERT CERTAUTH ADD('your CA dataset name') TRUST -
      WITHLABEL('your CA label')
  • Add Server certificate, if not already available:
    RACDCERT ID(TN3270) ADD('your datasetname') TRUST -
      WITHLABEL('your label') -
      PASSWORD('password')
  • Create RACF keyring:
    RACDCERT ID(TN3270) ADDRING('your RACF keyring name')
  • Add certificates to the keyring:
    RACDCERT ID(TN3270) CONNECT(CERTAUTH -
      LABEL('your CA label') -
      RING('your RACF keyring name') -
      USAGE(CERTAUTH))

    RACDCERT ID(TN3270) CONNECT(ID(TN3270) -
      LABEL('your label') -
      RING('your RACF keyring name') -
      DEFAULT USAGE(PERSONAL))
  • For testing, a self-signed client certificate was created:
    RACDCERT ID('RACF userid') -
      GENCERT -
      SUBJECTSDN(CN('Name of User') -
                 O('Name of Organization') -
                 C('US')) -
      WITHLABEL('BlueZone Client for Username') -
      SIGNWITH(CERTAUTH LABEL('your CA label'))

    RACDCERT EXPORT(LABEL('BlueZone Client for Username')) -
      ID('RACF userid') -
      DSN('your dataset name') -
      PASSWORD('client password') -
      FORMAT(PKCS12DER)
    Using FTP, this data set is sent to the user's machine and imported into their personal certificate store.
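
After the CONNECT steps, the ring can be listed with RACDCERT ID(TN3270) LISTRING('your RACF keyring name') and the listing checked for the intended state: a CA certificate connected with USAGE(CERTAUTH) and exactly one DEFAULT certificate, the server's PERSONAL one. The script below is an added example, not part of the original procedure; the sample listing is constructed and its column layout is an assumption, and parse_listring and check_ring are hypothetical names.

```python
# Constructed sample laid out like RACDCERT LISTRING output; an assumption,
# so compare it with a listing from your own system before relying on it.
SAMPLE_LISTRING = """\
Digital ring information for user TN3270:

  Ring:
       >your RACF keyring name<
  Certificate Label Name             Cert Owner     USAGE      DEFAULT
  --------------------------------   ------------   --------   -------
  your CA label                      CERTAUTH       CERTAUTH     NO
  your label                         ID(TN3270)     PERSONAL     YES
"""


def parse_listring(text):
    """Return one dict per certificate connected to the listed ring."""
    lines = text.splitlines()
    # Rows start after the dashed ruler under the column headings.
    ruler = next((i for i, line in enumerate(lines)
                  if line.strip().startswith("-")
                  and set(line.strip()) <= {"-", " "}), None)
    if ruler is None:
        raise ValueError("no certificate table found in listing")
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            break
        # Labels may contain blanks, so take the last three fields from the right.
        parts = line.rsplit(None, 3)
        if len(parts) != 4:
            raise ValueError(f"unexpected row: {line!r}")
        label, owner, usage, default = parts
        rows.append({"label": label.strip(), "owner": owner,
                     "usage": usage, "default": default})
    return rows


def check_ring(rows, server_id="TN3270"):
    """Return a list of problems; an empty list means the ring is as intended."""
    problems = []
    if not any(r["owner"] == "CERTAUTH" and r["usage"] == "CERTAUTH" for r in rows):
        problems.append("no CA certificate connected with USAGE(CERTAUTH)")
    defaults = [r for r in rows if r["default"] == "YES"]
    if len(defaults) != 1:
        problems.append(f"expected exactly one DEFAULT certificate, found {len(defaults)}")
    elif defaults[0]["owner"] != f"ID({server_id})" or defaults[0]["usage"] != "PERSONAL":
        problems.append("DEFAULT certificate is not the server's PERSONAL certificate")
    return problems
```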