If you are running IBM Security Server RACF at your site and you receive a digital certificate that was generated by a business partner, use the following sample commands to define and add the certificate to the user task and CA Tape Encryption started task on your system.
If the remote security system is not using IBM Security Server RACF, CA Top Secret, or CA ACF2, ensure the certificate is a DER-encoded X.509 certificate that is in Base64 format (CERTB64).
Note: The sample commands in this example may vary at your site depending on your naming conventions and environment. Adjust the commands according to your site standards and environment.
To add a business partner's digital certificate using IBM Security Server RACF
RACDCERT ID(USERA) ADD('BES.TAPEENCRYPTION.CERT') -
WITHLABEL('BESCERT') TRUST
The certificate is imported.
RACDCERT ID(USERA) ADDRING(BESRING)
The key ring is created.
RACDCERT ID(USERA) CONNECT(LABEL('BESCERT') RING(BESRING))
The certificate is attached to the key ring.
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) -
ID(USERA) ACCESS(UPDATE)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) -
ID(USERA) ACCESS(UPDATE)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) -
ID(USERA) ACCESS(UPDATE)
Note: If the CA Encryption Key Manager is being used, CONTROL access is required to IRR.DIGTCERT.GENCERT and UPDATE access is required to IRR.DIGTCERT.LISTRING.
The user task or started task now has the appropriate permissions.
BES=(RSA(BESRING):BESCERT,AES128)
In this example, the specific certificate BESCERT will be searched for on key ring BESRING.
The DFSMS data class is created.
Note: For more information about the commands in the example, see IBM's z/OS Security Server RACF Command Language Reference.
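Added example, not part of the CA documentation: a Python pre-import check that a file received from a business partner is a Base64-encoded DER X.509 certificate (the CERTB64 requirement above) before it is uploaded for RACDCERT ADD with TRUST. It assumes the Base64 form carries BEGIN/END CERTIFICATE lines; the function names and the sample data are constructed for illustration, and the check covers structure only, not signature validity.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, pos, pos + length

def check_certb64(text):
    """Check Base64-armoured DER X.509 structure; return the SHA-256 fingerprint."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no BEGIN/END CERTIFICATE lines: not Base64 format")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    tag, pos, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not one complete DER SEQUENCE")
    tags = []
    while pos < end:                       # walk the top-level fields
        t, _, pos = read_tlv(der, pos)
        tags.append(t)
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    if tags != [0x30, 0x30, 0x03]:
        raise ValueError("top-level fields do not match an X.509 Certificate")
    return hashlib.sha256(der).hexdigest()

def tlv(tag, body):  # short-form DER element, used only to build the sample
    return bytes([tag, len(body)]) + body

# Constructed skeleton with the right shape; NOT a real certificate.
SAMPLE_DER = tlv(0x30, tlv(0x30, b"\x02\x01\x01") + tlv(0x30, b"\x05\x00")
                 + tlv(0x03, b"\x00\xaa"))
SAMPLE_CERTB64 = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % (
    base64.b64encode(SAMPLE_DER).decode())
```

Compare the returned SHA-256 fingerprint with the value the business partner supplies through a separate channel before the certificate is added as trusted.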