Create a RACF signed personal certificate

 

RACF can function as a Certification Authority and issue its own CA certificate. This section uses the term signer certificate to denote a CA certificate issued by RACF.

The private key for the signer certificate must be in the RACF database before you carry out the following procedure:

1. Use the following command to generate a personal certificate signed by RACF, using the signer certificate contained in your RACF database:

   RACDCERT ID(userid2) GENCERT
   SUBJECTSDN(CN('common-name')
              T('title')
              OU('organizational-unit')
              O('organization')
              L('locality')
              SP('state-or-province')
              C('country'))
   WITHLABEL('label-name')
   SIGNWITH(CERTAUTH LABEL('signer-label'))

2. Connect the certificate to your key ring using the following command:

   RACDCERT ID(userid1)
   CONNECT(ID(userid2) LABEL('label-name') RING(ring-name) USAGE(PERSONAL))

where:

• userid1 is the user ID of the channel initiator address space or owner of the shared key ring.

• userid2 is the user ID associated with the certificate.

• ring-name is the name you gave the key ring in Set up a key repository.

• label-name must be in the correct WebSphere MQ format for a queue manager: ibmWebSphereMQ followed by the name of your queue manager, for example, ibmWebSphereMQCSQ1.

• signer-label is the label of your own signer certificate.

Note that userid1 and userid2 can be the same ID.

 

Parent topic:

Obtaining personal certificates

sy12560_