2.4 b. Create and connect well-known certificates on the host. - Automated Sign-On for Mainframe Administrator Guide

2.4 b. Create and connect well-known certificates on the host.

Use the following steps to add a Certificate Authority root certificate and personal certificates to the host.

  1. Create a self-signed certificate and key pair for the DCAS server:

    RACDCERT ID(dcasid)
    GENCERT SUBJECTSDN(CN('labelname') C('us'))
    WITHLABEL('labelname')

    where dcasid is the name of the user ID.

  2. Create a certificate request for a Certificate Authority (CA) by issuing RACDCERT GENREQ against the self-signed certificate:

    RACDCERT ID(dcasid) 
    GENREQ(LABEL('labelname')) 
    DSN(labelname.certreqname)

    where dcasid is the name of the user ID.

  3. Send the certificate request to a Certificate Authority.

  4. When you receive the DCAS server certificate from the Certificate Authority, transfer the file to the DCAS host.

  5. If RACF does not already have the root certificate for the Certificate Authority, obtain it in .DER format and add it to RACF using this command:

    RACDCERT CERTAUTH ADD(caroot.der) 
    TRUST WITHLABEL('caroot')

  6. Add the DCAS server certificate from the Certificate Authority back into RACF:

    RACDCERT ID(dcasid) ADD(certname) WITHLABEL('certname')

    where dcasid is the name of the user ID.

  7. Connect the CA root certificate to the key ring with usage CERTAUTH:

    RACDCERT ID(dcasid)
    CONNECT(CERTAUTH LABEL('caroot')
    RING(SERVERKeyring) 
    USAGE(CERTAUTH) DEFAULT)

    where dcasid is the name of the user ID.

  8. Connect the DCAS server certificate to the key ring with usage PERSONAL:

    RACDCERT ID(dcasid) 
    CONNECT(ID(dcasid) LABEL('certname') 
    RING(SERVERKeyring) 
    USAGE(PERSONAL) DEFAULT)

    where dcasid is the name of the user ID.
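
To confirm what steps 5 through 8 stored, the following batch TSO job lists both certificates and the contents of the key ring. It is an added example, not part of the guide: the job name, accounting field, CLASS and MSGCLASS are site-specific placeholders, and dcasid, caroot, certname and SERVERKeyring are the names used in the steps above.

```jcl
//DCASCHK  JOB (ACCT),'VERIFY DCAS RING',CLASS=A,MSGCLASS=X
//*
//* Added example: read-only verification of the DCAS key ring.
//* Placeholders (assumptions): job card values above, and the
//* names dcasid, caroot, certname and SERVERKeyring, which must
//* be replaced with the values used in steps 1 through 8.
//*
//* Command 1: the CA root added in step 5 (CERTAUTH certificate).
//* Command 2: the CA-signed DCAS server certificate from step 6.
//* Command 3: the ring, showing each connected certificate with
//*            its owner, usage and default setting (steps 7, 8).
//*
//* IKJEFT01 runs TSO commands in batch; output goes to SYSTSPRT.
//*
//VERIFY   EXEC PGM=IKJEFT01
//SYSTSPRT DD  SYSOUT=*
//SYSTSIN  DD  *
  RACDCERT CERTAUTH LIST(LABEL('caroot'))
  RACDCERT ID(dcasid) LIST(LABEL('certname'))
  RACDCERT ID(dcasid) LISTRING(SERVERKeyring)
/*
```

In the SYSTSPRT output, check that both certificates have a status of TRUST and validity dates that have not expired, and that the server certificate reports a private key (without one, DCAS cannot use it as its server certificate). The ring listing should show caroot with usage CERTAUTH and certname with usage PERSONAL.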