Before you begin
You need to request a certificate authority (CA) certificate and a signed certificate for your server. If you plan to implement SSL client certificate support, you must also have CA certificates from each certificate authority that verifies your client certificates. Additionally, you must have a user ID with the authority to use the RACDCERT command in the Resource Access Control Facility (RACF) (for example, SPECIAL authority).
Why and when to perform this task
Complete the following steps so that RACF authorizes the server to use digital certificates. SSL uses digital certificates and public and private keys. If your application server uses Secure Sockets Layer (SSL), you must use RACF to store digital certificates, and you must use public and private keys for the user identities under which the server controllers run.
Steps for this task
RACDCERT ADDRING(ACRRING) ID(ASCR1)
RACDCERT ID(ASCR1) ADD('ASCR1.CA') WITHLABEL('ACRCERT') PASSWORD('password')
RACDCERT ID(ASCR1) CONNECT(ID(ASCR1) LABEL('ACRCERT') RING(ACRRING) DEFAULT)
RACDCERT ADD('USER.CLIENT1.CA') WITHLABEL('CLIENT1 CA') CERTAUTH
Connect each client's certificate authority (CA) certificate to the controller user ID's key ring.
Example: Connect the CLIENT1 CA certificate to the ring ACRRING owned by ASCR1.
RACDCERT ID(ASCR1) CONNECT(CERTAUTH LABEL('CLIENT1 CA') RING(ACRRING))
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(ASCR1) ACC(READ)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(ASCR1) ACC(READ)
What to do next
You are done with the RACF phase when the RACF commands succeed.
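One way to confirm that the commands took effect, as an added example that is not part of the original page: a REXX exec that lists the key ring, both certificates, and the FACILITY access lists, using the sample names from the steps above. It assumes the exec runs under TSO with a user ID authorized for RACDCERT and RLIST; the `check` helper and the `failed` counter are names introduced for this example.

```rexx
/* REXX - added example: verify the RACF key ring setup from the steps */
/* above. ASCR1, ACRRING, ACRCERT and CLIENT1 CA are the page's sample */
/* names; substitute your own.                                         */
failed = 0

/* The ring should show ACRCERT owned by ID(ASCR1) as the DEFAULT     */
/* certificate, and CLIENT1 CA owned by CERTAUTH.                      */
call check "RACDCERT ID(ASCR1) LISTRING(ACRRING)"

/* The server certificate should be trusted, have a private key, and  */
/* show ACRRING under its ring associations.                           */
call check "RACDCERT ID(ASCR1) LIST(LABEL('ACRCERT'))"

/* The client CA certificate should be trusted and not expired.       */
call check "RACDCERT CERTAUTH LIST(LABEL('CLIENT1 CA'))"

/* ASCR1 should appear with READ in both access lists.                 */
call check "RLIST FACILITY IRR.DIGTCERT.LIST AUTHUSER"
call check "RLIST FACILITY IRR.DIGTCERT.LISTRING AUTHUSER"

/* If the FACILITY class is RACLISTed, the PERMIT commands only take   */
/* effect after a refresh. Left commented out because it changes       */
/* system state:                                                       */
/*   "SETROPTS RACLIST(FACILITY) REFRESH"                              */
/* Likewise, if the DIGTCERT class is RACLISTed:                       */
/*   "SETROPTS RACLIST(DIGTCERT) REFRESH"                              */

if failed = 0 then
  say 'All listing commands completed; review the output above.'
else
  say failed 'command(s) returned a non-zero return code.'
exit failed

/* Run one TSO command, echo it, and count non-zero return codes.      */
check: procedure expose failed
  parse arg cmd
  say '>>>' cmd
  address TSO cmd
  if rc <> 0 then do
    say '*** RC='rc 'from:' cmd
    failed = failed + 1
  end
  return
```

A zero return code only shows that each object exists; the ring contents, trust status and access levels still need to be read from the command output.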