RACF JCL for FTP commands to Top Secret commands
book
Article ID: 113733
calendar_today
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
The following Racf Jobs for FTP certificates need the RACF commands converted to Top Secret commands.
//RACFTPS1 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
RACDCERT CERTAUTH GENCERT +
SUBJECTSDN( +
CN('FTPS CA CERT ZDSS1') +
O('OMVSKERN') L('BLR') C('IN') ) +
TRUST +
SIZE(1024) +
NOTBEFORE(DATE(2013-04-15)) +
NOTAFTER(DATE(2023-04-15)) +
WITHLABEL('FTPS CA CERT') +
KEYUSAGE(CERTSIGN)
//RACFTPS2 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
RACDCERT ID(OMVSKERN) GENCERT +
SUBJECTSDN( +
CN('FTPS SERV CERT ZDSS1') +
O('OMVSKERN') L('BLR') C('IN') ) +
SIZE(1024) +
NOTBEFORE(DATE(2013-04-15)) +
NOTAFTER(DATE(2023-04-15)) +
WITHLABEL('FTPS SERV CERT') +
KEYUSAGE(HANDSHAKE DATAENCRYPT DOCSIGN) +
SIGNWITH(CERTAUTH LABEL('FTPS CA CERT'))
/*
//RACFTPS4 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *,DLM=@@
/******************************************************
/* ADD A KEYRING CALLED FTPSRING *
/******************************************************
RACDCERT ID(OMVSKERN) ADDRING(FTPSRING)
/******************************************************
/* CONNECT THE CA CERTIFICATE TO FTPSRING KEYRING *
/******************************************************
RACDCERT ID(OMVSKERN) +
CONNECT(CERTAUTH LABEL('FTPS CA CERT') +
RING(FTPSRING) )
/******************************************************
/* CONNECT THE FTP SERVER CERTIFICATE TO FTPSRING *
/* KEYRING *
RACDCERT ID(OMVSKERN) +
CONNECT(LABEL('FTPS SERV CERT') +
RING(FTPSRING) +
DEFAULT)
/******************************************************
/* LIST THE CONTENTS OF FTPSRING KEYRING *
/******************************************************
RACDCERT ID(OMVSKERN) LISTRING(FTPSRING)
@@
//RACFTPS3 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
RACDCERT CERTAUTH +
EXPORT(LABEL('FTPS CA CERT')) +
DSN('ZDSS1.FTPS.CACERT.B64') +
FORMAT(CERTB64)
/*
Environment
Release:
Component: TSSMVS
Resolution
//RACFTPS1 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
RACDCERT CERTAUTH GENCERT +
SUBJECTSDN( +
CN('FTPS CA CERT ZDSS1') +
O('OMVSKERN') L('BLR') C('IN') ) +
TRUST +
SIZE(1024) +
NOTBEFORE(DATE(2013-04-15)) +
NOTAFTER(DATE(2023-04-15)) +
WITHLABEL('FTPS CA CERT') +
KEYUSAGE(CERTSIGN)
TSS GENCERT(CERTAUTH) DIGICERT(FTPSCA) SUBJECTN('CN="FTPS CA CERT" O="OMVSKERN" L="'BLR" C="IN" ') KEYSIZE(1024) NADATE(04/15/2013) KEYUSAGE(CERTSIGN) LABLCERT('FTPS CA CERT')
-----------------------------------------------------------------------------------------------------------------------------------
//RACFTPS2 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
RACDCERT ID(OMVSKERN) GENCERT +
SUBJECTSDN( +
CN('FTPS SERV CERT ZDSS1') +
O('OMVSKERN') L('BLR') C('IN') ) +
SIZE(1024) +
NOTBEFORE(DATE(2013-04-15)) +
NOTAFTER(DATE(2023-04-15)) +
WITHLABEL('FTPS SERV CERT') +
KEYUSAGE(HANDSHAKE DATAENCRYPT DOCSIGN) +
SIGNWITH(CERTAUTH LABEL('FTPS CA CERT'))
/*
TSS GENCERT(OMVSKERN) DIGICERT(FTPSSERV) SUBJECTN('CN="FTPS SERV CERTZDSS1" O="OMVSKERN" L="BLR" C="IN" ') KEYSIZE(1024) NADATE(04/15/2023) LABLCERT('FTPS SERV CERT') KEYUSAGE('HANDSHAKE DATAENCRYPT DOCSIGN') SIGNWITH(CERTAUTH,FTPSCA)
-------------------------------------------------------------------------------------------------------------------------------------
//RACFTPS4 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *,DLM=@@
/******************************************************
/* ADD A KEYRING CALLED FTPSRING *
/******************************************************
RACDCERT ID(OMVSKERN) ADDRING(FTPSRING)
/******************************************************
/* CONNECT THE CA CERTIFICATE TO FTPSRING KEYRING *
/******************************************************
RACDCERT ID(OMVSKERN) +
CONNECT(CERTAUTH LABEL('FTPS CA CERT') +
RING(FTPSRING) )
/******************************************************
/* CONNECT THE FTP SERVER CERTIFICATE TO FTPSRING *
/* KEYRING *
RACDCERT ID(OMVSKERN) +
CONNECT(LABEL('FTPS SERV CERT') +
RING(FTPSRING) +
DEFAULT)
/******************************************************
/* LIST THE CONTENTS OF FTPSRING KEYRING *
/******************************************************
RACDCERT ID(OMVSKERN) LISTRING(FTPSRING)
@@
TSS ADD(OMVSKERN) KEYRING(FTPSRING)
TSS ADD(OMVSKERN) KEYRING(FTPSRING) RINGDATA(CERTAUTH,FTPSCA) USAGE(CERTAUTH)
TSS ADD(OMVSKERN) KEYRING(FTPSRING) RINGDATA(OMVSKERN,FTPSSERV) USAGE(PERSONAL) DEFAULT
TSS LIST(OMVSKERN) KEYRING(FTPSRING)
---------------------------------------------------------------------------------------------------------------------------------------
//RACFTPS3 JOB (12345),ZZBXR,
// CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
RACDCERT CERTAUTH +
EXPORT(LABEL('FTPS CA CERT')) +
DSN('ZDSS1.FTPS.CACERT.B64') +
FORMAT(CERTB64)
TSS EXPORT(CERTAUTH) DIGICERT(FTPSCA) LABLCERT('FTPS CA CERT') DCDSN('ZDSS1.FTPS.CACERT.B64') FORMAT(CERTB64)
Feedback
thumb_up
Yes
thumb_down
No