Convert RACF commands to TSS commands for Simple Logon Digital Certificate Setup
Article ID: 114872
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Convert RACF commands to TSS commands for Simple Logon Digital Certificate Setup.
Environment
Release:
Component: TSSLDP
Component: TSSLDP
Resolution
//**********************************************************************************************************************
//The RACF commands necessary to run the SSLOnlyWAR sample contained within the
//SimpleLoginEAR.
//**********************************************************************************************************************
//Permit the Liberty server id MSTONE1 to the FACILITY class IRR.DIGTCERT.LISTRING
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(MSTONE1) ACCESS(READ)
TSS PER(MSTONE1) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(READ)
SETROPTS RACLIST(FACILITY) REFRESH
*Not needed in TSS
//Create a keyring called LibertyKeyring
RACDCERT ADDRING(LibertyKeyring) ID(MSTONE1)
TSS ADD(MSTONE1) KEYRING(LIBYRING) LABLRING(LibertyKeyring)
//Create the Signing CERTAUTH certificate
RACDCERT CERTAUTH GENCERT SUBJECTSDN(CN('LibertyCA') OU('LIBERTY'))
TSS GENCERT(CERTAUTH) DIGICERT(LIBTYCA) SUBJECTN('CN="LibertyCA" OU="LIBERTY"') -
LABLCERT('LibertyCA.LIBERTY') TRUST NADATE(12/31/2030)
//Create your personal certificate signed by LibertyCA.LIBERTY
RACDCERT ID(MSTONE1) GENCERT SUBJECTSDN(CN('boss0181.pok.ibm.com') O('IBM') OU('LIBERTY'))
WITHLABEL('DefaultCert.LIBERTY') SIGNWITH(CERTAUTH LABEL('LibertyCA.LIBERTY')) TRUST
NOTAFTER(DATE(2030/12/31)
TSS GENCERT(CERTSITE) DIGICERT(LIBTYCLT) LABLCERT('DefaultCert.LIBERTY') -
SIGNWITH(CERTAUTH,LIBTYCA) TRUST NADATE(12/31/2030)
//Connect the signer certificate LibertyCA.LIBERTY to the keyring LibertyKeyring with usage CERTAUTH
RACDCERT ID(MSTONE1) CONNECT(CERTAUTH LABEL('LibertyCA.LIBERTY') RING(LibertyKeyring)
USAGE(CERTAUTH)
TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTAUTH,LIBTYCA) USAGE(CERTAUTH)
//Connect the personal certificate DefaultCert.LIBERTY to the keyring LibertyKeyring with usage
//PERSONAL
RACDCERT ID(MSTONE1) CONNECT(ID(MSTONE1) LABEL('DefaultCert.LIBERTY') RING(LibertyKeyring)
USAGE(PERSONAL)
TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTSITE,LIBTYCLT) USAGE(PERSONAL)
//The RACF commands necessary to run the SSLOnlyWAR sample contained within the
//SimpleLoginEAR.
//**********************************************************************************************************************
//Permit the Liberty server id MSTONE1 to the FACILITY class IRR.DIGTCERT.LISTRING
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(MSTONE1) ACCESS(READ)
TSS PER(MSTONE1) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(READ)
SETROPTS RACLIST(FACILITY) REFRESH
*Not needed in TSS
//Create a keyring called LibertyKeyring
RACDCERT ADDRING(LibertyKeyring) ID(MSTONE1)
TSS ADD(MSTONE1) KEYRING(LIBYRING) LABLRING(LibertyKeyring)
//Create the Signing CERTAUTH certificate
RACDCERT CERTAUTH GENCERT SUBJECTSDN(CN('LibertyCA') OU('LIBERTY'))
TSS GENCERT(CERTAUTH) DIGICERT(LIBTYCA) SUBJECTN('CN="LibertyCA" OU="LIBERTY"') -
LABLCERT('LibertyCA.LIBERTY') TRUST NADATE(12/31/2030)
//Create your personal certificate signed by LibertyCA.LIBERTY
RACDCERT ID(MSTONE1) GENCERT SUBJECTSDN(CN('boss0181.pok.ibm.com') O('IBM') OU('LIBERTY'))
WITHLABEL('DefaultCert.LIBERTY') SIGNWITH(CERTAUTH LABEL('LibertyCA.LIBERTY')) TRUST
NOTAFTER(DATE(2030/12/31)
TSS GENCERT(CERTSITE) DIGICERT(LIBTYCLT) LABLCERT('DefaultCert.LIBERTY') -
SIGNWITH(CERTAUTH,LIBTYCA) TRUST NADATE(12/31/2030)
//Connect the signer certificate LibertyCA.LIBERTY to the keyring LibertyKeyring with usage CERTAUTH
RACDCERT ID(MSTONE1) CONNECT(CERTAUTH LABEL('LibertyCA.LIBERTY') RING(LibertyKeyring)
USAGE(CERTAUTH)
TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTAUTH,LIBTYCA) USAGE(CERTAUTH)
//Connect the personal certificate DefaultCert.LIBERTY to the keyring LibertyKeyring with usage
//PERSONAL
RACDCERT ID(MSTONE1) CONNECT(ID(MSTONE1) LABEL('DefaultCert.LIBERTY') RING(LibertyKeyring)
USAGE(PERSONAL)
TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTSITE,LIBTYCLT) USAGE(PERSONAL)
Feedback
Yes
No
Powered by
