Sample JCL for Adding a Business Partner's Digital Certificate with CA ACF2

The following sample JCL shows how to add a business partner's digital certificates with CA ACF2. Modify the sample to suit the needs of your site.

//JOBNAME  JOB  (00000000),'BTE SSL SETUP',NOTIFY=xxxxxxx,MSGCLASS=X
//*                                                                            
//* After running job BTEACF2, the data set that is created in the              
//* EXPORT step should be transmitted to a remote site. This job               
//* illustrates how that data set can be used to install the                    
//* self-signed CA Tape Encryption certificate at the                  
//* remote site.                                                               
//*                                                                            
//* Step 1: Import the self-signed CA Tape Encryption                  
//*         digital certificate                                                
//*                                                                            
//*       This example assumes that your CA Tape Encryption started
//*       task is named "BES". If the started task name differs,
//*       change "BES.TAPEREAD" to "xxxxxxx.TAPEREAD" where xxxxxxx is
//*       the name of your CA Tape Encryption started task.
//*                                                                            
//BATCH1   EXEC PGM=ACFBATCH                                                   
//SYSPRINT DD  SYSOUT=*                                                        
//SYSUDUMP DD  SYSOUT=*                                                        
//SYSIN    DD  *                                                               
  SET PROFILE(USER) DIV(CERTDATA)                                              
  INSERT BES.TAPEREAD  DSN('BES.TAPE.ENCRYPT.STC.CERT') LABEL(BESCERT)         
//*                                                                            
//* Step 2: Create the CA Tape Encryption keyring                      
//*         and connect the certificate to it. If the KEYRING                  
//*         already exists, remove the INSERT command and just                 
//*         do the CONNECT.                                                    
//*                                                                            
//*       This example assumes that your CA Tape Encryption started
//*       task is named "BES". If the started task name differs,
//*       change "BES.RING" to "xxxxxxx.RING" where xxxxxxx is the
//*       name of your CA Tape Encryption started task. Change
//*       "BES.TAPEREAD" on the CONNECT command to "xxxxxxx.TAPEREAD"
//*       where xxxxxxx is the name of your CA Tape Encryption
//*       started task.
//*                                                                            
//BATCH2   EXEC PGM=ACFBATCH                                                   
//SYSPRINT DD  SYSOUT=*                                                        
//SYSUDUMP DD  SYSOUT=*                                                        
//SYSIN    DD  *                                                               
  SET PROFILE(USER) DIV(KEYRING)                                               
  INSERT BES.RING RINGNAME(BESRING)                                            
  CONNECT CERTDATA(BES.TAPEREAD) KEYRING(BES.RING) DEFAULT                     
//*                                                                            
//* Step 3: Authorize the CA Tape Encryption                           
//*         started task to be able to read certificates                       
//*         from the keyring                                                   
//*                                                                            
//* Note: Specify the CA ACF2 UID value of the CA Tape Encryption
//*       started task in both RECKEY commands.
//*                                                                            
//*       READ access to IRR.DIGTCERT.LISTRING is required to retrieve         
//*       certificates from a keyring that you own (for example, BES.RING).    
//*                                                                            
//*       UPDATE access to IRR.DIGTCERT.LISTRING is required to retrieve       
//*       certificates from a keyring that another user owns.                  
//*                                                                            
//BATCH3   EXEC PGM=ACFBATCH                                                   
//SYSPRINT DD  SYSOUT=*                                                        
//SYSUDUMP DD  SYSOUT=*                                                        
//SYSIN    DD  *                                                               
  SET RESOURCE(FAC)                                                            
  RECKEY IRR ADD(DIGTCERT.LIST UID(bes_uid) SERVICE(READ) ALLOW)             
  RECKEY IRR ADD(DIGTCERT.LISTRING UID(bes_uid) SERVICE(READ) ALLOW)          
//*                                                                            
//NOTIFY   EXEC PGM=NOTIFY,COND=EVEN,PARM=XXXXXXX                              
//
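
A pre-submission check for the renaming this sample asks for, as an added example that is not part of the original documentation: it reads the ACFBATCH in-stream commands, confirms that the names on CONNECT match the names used on the INSERT commands, and flags the `xxxxxxx` and `bes_uid` placeholders left outside comments. The function names and the started task name TENC in the constructed input are assumptions made for illustration.

```python
import re

PLACEHOLDERS = ("xxxxxxx", "bes_uid")  # tokens the sample expects a site to replace

def acf2_commands(jcl):
    """Yield (mode, command) for each ACF2 command in SYSIN in-stream data."""
    mode, instream = None, False
    for line in jcl.splitlines():
        if line.startswith("//"):  # any JCL statement, comments included, ends DD *
            instream = re.match(r"//SYSIN\s+DD\s+\*", line) is not None
            continue
        text = line[:72].strip() if instream else ""  # cols 73-80: sequence numbers
        m = re.match(r"SET\s+.*?(?:DIV|RESOURCE)\((\w+)\)", text, re.I)
        if m:
            mode = m.group(1).upper()  # CERTDATA, KEYRING or FAC
        elif text:
            yield mode, text

def check_job(jcl):
    """Return findings; an empty list means names and placeholders line up."""
    findings = [f"placeholder {p} not replaced" for p in PLACEHOLDERS
                for line in jcl.splitlines()
                if not line.startswith("//*") and p in line[:72].lower()]
    inserted = {}
    for mode, cmd in acf2_commands(jcl):
        m = re.match(r"INSERT\s+(\S+)", cmd, re.I)
        if m:
            inserted[mode] = m.group(1).upper()  # record key inserted in this division
        m = re.match(r"CONNECT\s+CERTDATA\((.+?)\)\s+KEYRING\((.+?)\)", cmd, re.I)
        # Compare only against divisions that had an INSERT (Step 2's is optional).
        for div, name in zip(("CERTDATA", "KEYRING"), m.groups() if m else ()):
            if inserted.get(div, name.upper()) != name.upper():
                findings.append(f"CONNECT {div}({name}) does not match INSERT {inserted[div]}")
    return findings

# Constructed input: started task renamed to TENC, CONNECT left as in the sample.
SAMPLE = """\
//JOBNAME  JOB  (00000000),'BTE SSL SETUP',NOTIFY=xxxxxxx,MSGCLASS=X
//BATCH1   EXEC PGM=ACFBATCH
//SYSIN    DD  *
  SET PROFILE(USER) DIV(CERTDATA)
  INSERT TENC.TAPEREAD  DSN('BES.TAPE.ENCRYPT.STC.CERT') LABEL(BESCERT)
//BATCH2   EXEC PGM=ACFBATCH
//SYSIN    DD  *
  SET PROFILE(USER) DIV(KEYRING)
  INSERT TENC.RING RINGNAME(BESRING)
  CONNECT CERTDATA(BES.TAPEREAD) KEYRING(TENC.RING) DEFAULT
"""
```

`check_job(SAMPLE)` reports the unreplaced NOTIFY placeholder and the CONNECT that still names BES.TAPEREAD; a job with consistent names and no placeholders returns an empty list.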