Working with Certificate Name Filters (CNFs)

Working with Certificate Name Filters (CNFs)

When an entity at one end of an SSL channel receives a certificate from a remote connection, the entity asks RACF if there is a user ID associated with that certificate. The entity uses that user ID as the channel user ID. If there is no user ID associated with the certificate, the entity uses the user ID under which the channel initiator is running. For more information about which user ID is used, refer to the WebSphere MQ for z/OS System Setup Guide.
There are two ways to associate a user ID with a certificate:

Install that certificate into the RACF database under the user ID with which you wish to associate it, as described in Adding personal certificates to a key repository.
Use a Certificate Name Filter (CNF) to map the Distinguished Name of the subject or issuer of the certificate to the user ID, as described in Set up a CNF.

Set up a CNF

Parent topic:
Working with the Secure Sockets Layer (SSL) on z/OS

sy12650_