About this task
To generate integration node certificates, take the following steps:
- Create the RACF CA signer certificate. This self-signed certificate is used to sign any other personal certificates created or requested in RACF. This step is required once.
- Export the RACF CA signer certificate in CERTDER format. This certificate must be extracted without private keys; CERTDER is a binary format that guarantees that no private keys are exported.
- Create the integration node personal certificate. A copy of the certificate and of the private keys is maintained in RACF for future reissue or validation. This certificate must be associated with the integration node user ID. Create a personal certificate for each integration node or integration server for which you want to enable SSL.
- Export the integration node personal certificate in PKCS12DER format. PKCS12DER is a password-protected, binary format that contains the integration node certificate and its private keys. You will later import it into the integration node keystore; see Create and initialize the integration node keystore and truststore (z/OS).
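The following check is an added example, not part of the original documentation: it classifies an exported file by its outer DER structure, so a CERTDER export (certificate only) is not confused with a PKCS12DER export (certificate plus private keys) before the file is distributed. It assumes the file was transferred in binary and is strict DER; the function names and sample bytes are constructed for illustration.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):   # n == 0 is BER indefinite
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def classify_export(data):
    """Return 'x509-certificate', 'pkcs12' or 'unknown' for raw file bytes."""
    try:
        tag, body, end = read_tlv(data)
        if tag != 0x30 or end != len(data):       # one outer SEQUENCE, no trailer
            return "unknown"
        first_tag, first_val, nxt = read_tlv(body)
        if first_tag == 0x02 and first_val == b"\x03":
            return "pkcs12"                       # PFX begins with INTEGER version 3
        if first_tag == 0x30:
            # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE,
            #   signatureAlgorithm SEQUENCE, signatureValue BIT STRING }
            t2, _, nxt = read_tlv(body, nxt)
            t3, _, nxt = read_tlv(body, nxt)
            if (t2, t3) == (0x30, 0x03) and nxt == len(body):
                return "x509-certificate"
    except ValueError:
        pass
    return "unknown"

def der(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed skeletons with the right outer shape, not real certificates or keys.
SAMPLE_CERT = der(0x30, der(0x30, b"\x00" * 200) + der(0x30, b"") + der(0x03, b"\x00"))
SAMPLE_PFX = der(0x30, der(0x02, b"\x03") + der(0x30, b""))
```

A result of `pkcs12` for a file that is meant to be the CA signer export means private-key material may be present and the file should not be distributed.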
Example commands for each step are as follows: