search cancel

How to have a certificate signed by a 3rd party

book

Article ID: 190161

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

 Example for setting up a certificate along with the signing chain of certificates(CERTAUTH) using a third party certificate provider.

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Generate the certificate using the GENCERT command. Then issue the GENREQ command to generate a certificate request to be sent to a Certification Authority. The GENREQ extracts the subjects distinguished name and the public key from the certificate and puts it in a dataset from which the request is sent to the Certification Authority:


   ACF
   GENCERT user01.CERT SUBJ(CN='hostname.company.com' OU='Business Unit' -
     O='Company Inc.' L='City') LABEL(DBServer)
   GENREQ dbserv.CERT DSN(‘hlq.dbserc.cert.request’)


   Note 1: Parameters specified in lower or mixed case are examples and should be set to meet site standards.


2. Submit the GENREQ request dataset (hlq.dbserc.cert.request) to a Third Party Certification Authority, which will create a new certificate with the same distinguished name and public key, but issued and signed by the Third Party Certification Authority. This example assumes the returned certificate that you have received from the Third Party Certification Authority now resides in the dataset ‘THIRD.PARTY.CERT’ on z/OS. This dataset will be INSERTed into the the ACF2 database on PROD and DEVELOPMENT lpars.


   Note: If the CA returns the signed certificate in a PKCS 7 certificate package, the signed certificate and its CA chain of CERTAUTH certificates will be included. The CA CERTAUTH certificates will be inserted along with the signed certificate and have a record id and label in the CERTAUTH.AUTOnnn format, where the nnn is a number from 0 through 1000.


   ACF
   SET PROFILE(USER) DIV(CERTDATA)
   INSERT user01.CERT DSN(‘THIRD.PARTY.CERT’) LABEL(DBServer)