Release : 16.0

Component : CA ACF2 for z/OS

Generate the certificate using the GENCERT command. Then issue the GENREQ command to generate a certificate request to be sent to a Certification Authority. The GENREQ extracts the subjects distinguished name and the public key from the certificate and puts it in a dataset from which the request is sent to the Certification Authority:

   ACF
   GENCERT user01.CERT SUBJ(CN='hostname.company.com' OU='Business Unit' -
     O='Company Inc.' L='City') LABEL(DBServer)
   GENREQ dbserv.CERT DSN(‘hlq.dbserc.cert.request’)

   Note 1: Parameters specified in lower or mixed case are examples and should be set to meet site standards.

2. Submit the GENREQ request dataset (hlq.dbserc.cert.request) to a Third Party Certification Authority, which will create a new certificate with the same distinguished name and public key, but issued and signed by the Third Party Certification Authority. This example assumes the returned certificate that you have received from the Third Party Certification Authority now resides in the dataset ‘THIRD.PARTY.CERT’ on z/OS. This dataset will be INSERTed into the the ACF2 database on PROD and DEVELOPMENT lpars.

   Note: If the CA returns the signed certificate in a PKCS 7 certificate package, the signed certificate and its CA chain of CERTAUTH certificates will be included. The CA CERTAUTH certificates will be inserted along with the signed certificate and have a record id and label in the CERTAUTH.AUTOnnn format, where the nnn is a number from 0 through 1000.

   ACF
   SET PROFILE(USER) DIV(CERTDATA)
   INSERT user01.CERT DSN(‘THIRD.PARTY.CERT’) LABEL(DBServer)