How to extract an ACF2 SHA-2 Certificate into a .p12 file format for IDz.
Article ID: 131914
Updated On: 10-17-2023
Products
ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC
Issue/Introduction
How to extract a z/OS SHA-2 certificate from the ACF2 database into a file with a .p12 extension. The extract process currently used writes the certificate to a data set in a text-readable format. Downloading and using this file does not work because it is not in the required file format. This file is needed for IDz to communicate with z/OS.
Environment
Release: Component: ACF2MS
Resolution
The EXPORT subcommand is used in ACF2 to export an X.509 digital certificate from the CA ACF2 database into a z/OS data set. The data set can be used to insert the certificate into another system, or it can be downloaded to a personal computer and installed in a web browser.
If you send the exported certificate to others who receive messages from you signed with your private key, they can use the public key in the exported certificate to validate those messages. They cannot forge messages from you because they do not have your private key.
Your public/private key pair can be exported using the PKCS12DER or PKCS12B64 format options. These options generate a PKCS #12 certificate package containing the user certificate, its private key, and all Certificate-Authority certificates necessary to complete the chain of certificates from the user certificate to the root CA certificate.
There are two options for extracting certificates into the .p12 format: a DER-encoded PKCS #12 certificate package, or a DER-encoded then base-64 encoded PKCS #12 certificate package.
For a DER-encoded then base-64 encoded PKCS #12 certificate package, the format of the command is:
ACF EXPORT {logonid|logonid.suffix} DSNAME('dsname.P12') FORMAT(PKCS12B64) PASSWORD(xxxxxxxx) END
For a DER-encoded PKCS #12 certificate package, the format of the command is:
ACF EXPORT {logonid|logonid.suffix} DSNAME('dsname.P12') FORMAT(PKCS12DER) PASSWORD(xxxxxxxx) END
IDz requires FORMAT(PKCS12DER), which is not a text-readable format.
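A workstation-side check for the downloaded file, as an added example (not part of the original article or of ACF2): it reports whether a file is the binary PKCS12DER form that IDz requires or the text PKCS12B64 form, by looking for the DER SEQUENCE and version INTEGER 3 that open a PKCS #12 structure. The function names and the sample bytes are constructed for illustration, and skipping `-----` header lines in text input is an assumption, since the article does not show the PKCS12B64 output.

```python
import base64
import binascii
import sys

def _is_pfx_der(data: bytes) -> bool:
    """True if data opens with a DER SEQUENCE whose first element is INTEGER 3."""
    if len(data) < 5 or data[0] != 0x30:          # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                              # short-form length
        length, offset = first, 2
    else:                                         # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        length = int.from_bytes(data[2:2 + n], "big")
        offset = 2 + n
    if offset + length > len(data):               # truncated download
        return False
    return data[offset:offset + 3] == b"\x02\x01\x03"   # PFX version 3

def classify_p12(data: bytes) -> str:
    """Return 'PKCS12DER', 'PKCS12B64' or 'unknown' for the file contents."""
    if _is_pfx_der(data):
        return "PKCS12DER"
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return "unknown"
    # Assumption: any '-----' armor lines are not part of the base-64 body.
    body = "".join(l.strip() for l in text.splitlines()
                   if not l.startswith("-----"))
    try:
        decoded = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    return "PKCS12B64" if _is_pfx_der(decoded) else "unknown"

# Constructed sample: only the leading bytes of a PFX, not a real certificate.
SAMPLE_DER = bytes.fromhex("30050201033000")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER) + b"\n"

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:           # path to the downloaded .p12
        print(classify_p12(fh.read()))
```

A result of `unknown` for a file exported with FORMAT(PKCS12DER) means the bytes no longer match what was exported, for example because the file was truncated.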