Creating the certificates and key rings
This section documents the steps required to create the certificates and key rings necessary for z/OS® users of Advanced Message Security, using a RACF® Certificate Authority (CA).
Resolving problems with certificates when using Advanced Message Security on z/OS
If you are having problems with certificates or missing entries in key stores, you can enable a GSKIT trace.
In the //ENVARS file add:
GSK_TRACE_FILE=/u/... /gsktrace
GSK_TRACE=0xff
See Environment variables in z/OS Cryptographic Services System SSL Programming for more information.
For every access to the keystore, data is written to the trace file specified by GSK_TRACE_FILE.
To format the trace file, use the command:
gsktrace input_trace_file > output_file
Scenario
A scenario of a sending application and a receiving application is used to explain the required steps.
In the examples that follow, user1 is the originator of a message and user2 is the recipient. The user ID of the Advanced Message Security address space is WMQAMSD.
All of the commands in the examples shown here are issued from ISPF option 6 by the administrative user ID admin.