** Plug in thr information in the lower case values.
** If the LABLCERT field is not used then the certificate label will default to the DIGICERT name. This is the best thing to do because it avoids the possibility of specifying the digicert name when the LABLNAME should be specified in application parmfile data. There may be applications that will require the certificate specific label. Follow the application documentation.
Create a CSR(Certificate Signing Request). This puts the certificate in a dataset in PKCS#10 format. PKCS#10 does not conatain the private key:
** Note: A message that indicates that the certificate was added with NOTRUST may occur. This would be because the signing CA certificate is not in the Top Secret Database yet. The following TSS REPLACE command should be issued:
TSS REPLACE(acid) DIGICERT(certS) TRUST
The above ADD command paired the keys and there is now a signed certificate with a private key.
Create the KEYRING:
TSS ADD(acid) KEYRING(keyring)
** If the LABLRING field in not used then the keyring label will default to the keyring name. There may be applications that require the keyring label be a specific value. Follow the application documentation.