Add a Business Partner's Digital Certificate Using CA Top Secret

If you are running CA Top Secret at your site and you receive a digital certificate that was generated by a business partner using CA Top Secret, CA ACF2, or IBM Security Server RACF, use the following sample commands to define and add the certificate to the user task and CA Tape Encryption started task on your system.

If the remote security system is not using CA Top Secret, CA ACF2, or IBM Security Server RACF, ensure the certificate is a DER-encoded X.509 certificate that is in Base64 format (CERTB64).
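
A structural pre-import check for the format requirement above, as an added example that is not part of the original documentation. It assumes the check runs on a workstation before the file is uploaded to the data set named in DCDSN, and that the Base64 text may carry BEGIN/END CERTIFICATE armor lines; `read_tlv`, `check_certb64` and `SAMPLE` are hypothetical names.

```python
import base64
import binascii

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:
        n = first & 0x7F                  # long form: n length octets follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length (not DER)")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or (n == 1 and length < 0x80):
            raise ValueError("non-minimal length encoding (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length

def check_certb64(text):
    """Decode Base64 certificate text and check the outer X.509 layout.

    Structural check only: no signature, validity or trust evaluation.
    """
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from None
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not one complete SEQUENCE")
    tags = []
    while start < end:
        tag, _, start = read_tlv(der, start)
        tags.append(tag)
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    if tags != [0x30, 0x30, 0x03]:
        raise ValueError(f"unexpected top-level layout: {[hex(t) for t in tags]}")
    return len(der)

# Constructed skeleton (empty inner SEQUENCEs, 1-byte BIT STRING); not a real certificate.
SAMPLE = "-----BEGIN CERTIFICATE-----\nMAcwADAAAwEA\n-----END CERTIFICATE-----\n"
```

A file that passes is Base64 text wrapping a single DER element with the three-part certificate layout; whether the certificate should be trusted remains a separate decision made before using TRUST on import.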

Note: The sample commands in this example may vary at your site depending on your naming conventions and environment. Adjust the commands according to your site standards and environment.

To add a business partner's digital certificate using CA Top Secret

  1. Import the certificate into the CA Top Secret security file as shown in the following example:
    TSS ADD(USERA) DIGTCERT(BESCERT) DCDSN(BES.STARTED.TASK.CERT) TRUST
    

    The digital certificate from the business partner is imported into CA Top Secret.

  2. Create the KEYRING for a user task or started task ACID as shown in the following example. Skip this step if the user already has a KEYRING.
    TSS ADD(USERA) KEYRING(BESRING)
    

    The key ring is created.

  3. Attach the certificate to the user task or started task ACID KEYRING as shown in the following example:
    TSS ADD(USERA) KEYRING(BESRING) RINGDATA(CERTSITE,BESCERT) USAGE(PERSONAL)
    

    The certificate is connected to the key ring.

  4. Permit the user task or started task ACID to the SSL KEYRING, certificates, and mappings with the TSS PERMIT command as shown in the following example:
    TSS PER(USERA) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(UPDATE)
    TSS PER(USERA) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE)
    TSS PER(USERA) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE)
    

    Note: If the CA Encryption Key Manager is being used, CONTROL access is required to IRR.DIGTCERT.GENCERT and UPDATE access is required to IRR.DIGTCERT.LISTRING.

    The CA Tape Encryption started task's region ACID now has the appropriate permissions.

Note: For more information about the commands in the example, see the CA Top Secret Security for z/OS Cookbook.