Sample RACF batch job to configure certificates on a RACF system for Broadcom Internet Service Retrieval.
Release : 14.1
Component : CA RECEIVE ORDER
============== Sample Working RACF job/commands run on 9/1/2019 =============
//BATRACF JOB (11111111111),'RACF BATCH',MSGCLASS=W,CLASS=D,
// NOTIFY=&SYSUID
//SUBMIT EXEC PGM=IKJEFT01,REGION=0M
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
/* Create Keyring */
RACDCERT ID(USER002) ADDRING(SMPEring) /* Add user cert */
/* Add USER cert */
RACDCERT CERTAUTH ADD('USER002.SMPE.USER.CERTX') +
WITHLABEL('EAPI Cert') TRUST
/* Add CERTAUTH cert */
RACDCERT CERTAUTH ADD('USER002.digitcrt.certauth') +
WITHLABEL('Digicert CA certificate') TRUST
/* Connect user cert */
RACDCERT ID(USER002) CONNECT(CERTAUTH LABEL('EAPI Cert') +
RING(SMPEring) USAGE(CERTAUTH))
/* Connect CERTAUTH */
RACDCERT ID(USER002) +
CONNECT(CERTAUTH LABEL('Digicert CA certificate') +
RING(SMPEring) USAGE(CERTAUTH) )
/* List keyring */
RACDCERT listring(SMPEring)
RACDCERT LIST(LABEL('EAPI Cert')) CERTAUTH
RACDCERT LIST(LABEL('Digicert CA certificate')) CERTAUTH
/*
Job Output
/* Create Keyring */
READY
RACDCERT ID(USER002) ADDRING(SMPEring) /* Add user cert */
READY
/* Add USER cert */
READY
RACDCERT CERTAUTH ADD('USER002.SMPE.USER.CERTX') WITHLABEL('EAPI Cert') TRUST
IRRD199I Certificate with label 'EAPI Cert' is added for CERTAUTH.
IRRD119I Certificate Authority not defined to RACF. Certificate added with TRUST status.
READY
/* Add CERTAUTH cert */
READY
RACDCERT CERTAUTH ADD('USER002.digitcrt.certauth') WITHLABEL('Digicert CA certificate') TRUST
IRRD199I Certificate with label 'Digicert CA certificate' is added for CERTAUTH.
IRRD119I Certificate Authority not defined to RACF. Certificate added with TRUST status.
READY
/* Connect user cert */
READY
RACDCERT ID(USER002) CONNECT(CERTAUTH LABEL('EAPI Cert') RING(SMPEring) USAGE(CERTAUTH))
READY
/* Connect CERTAUTH */
READY
RACDCERT ID(USER002) CONNECT(CERTAUTH LABEL('Digicert CA certificate') RING(SMPEring) USAGE(CERTAUTH)
READY
/* List keyring */
READY
RACDCERT listring(SMPEring)
Digital ring information for user USER002:
Ring:
>SMPEring<
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------------- ------------ -------- -------
EAPI Cert CERTAUTH CERTAUTH NO
Digicert CA certificate CERTAUTH CERTAUTH NO
READY
END
RACDCERT LIST(LABEL('EAPI Cert')) CERTAUTH
Digital certificate information for CERTAUTH:
Label: EAPI Cert
Certificate ID: 2QiJmZmDhZmjgcXB18lAw4WZo0BA
Status: TRUST
Start Date: 2019/01/10 14:11:19
End Date: 2020/01/10 14:11:19
Serial Number:
>0669AAC1<
Issuer's Name:
>CN=CA Receive Order.OU=CA Receive Order<
Subject's Name:
>CN=connectUserId:USER002 siteID:2222226 sapID:11112.OU=CA.O=CA Inc.L=I<
>slandia.SP=NewYork.C=USA<
Signing Algorithm: sha256RSA
Key Type: RSA
Key Size: 2048
Private Key: NO
Ring Associations:
Ring Owner: USER002
Ring:
>SMPEring<
READY
RACDCERT LIST(LABEL('Digicert CA certificate')) CERTAUTH
Digital certificate information for CERTAUTH:
Label: Digicert CA certificate
Certificate ID: 2QiJmZmDhZmjgcSJh4mDhZmjQMPBQIOFmaOJhomDgaOF
Status: TRUST
Start Date: 2013/03/08 07:00:00
End Date: 2023/03/08 07:00:00
Serial Number:
>01FDA3EB6ECA75C888438B724BCFBC91<
Issuer's Name:
>CN=DigiCert Global Root CA.OU=www.digicert.com.O=DigiCert Inc.C=US<
Subject's Name:
>CN=DigiCert SHA2 Secure Server CA.O=DigiCert Inc.C=US<
Signing Algorithm: sha256RSA
Key Usage: CERTSIGN
Key Type: RSA
Key Size: 2048
Private Key: NO
Ring Associations:
Ring Owner: USER002
Ring:
>SMPEring<
READY
END