What are the ACF2 equivalents of the following RACF terms:
a- Keyring User Name
b- Keyring Name
c- Certificate Alias.
Release : 16.0
Component : CA ACF2 for z/OS
The ACF2 equivalents of the RACF terms
a- Keyring User Name
b- Keyring Name
c- Certificate Alias
are shown in the following examples.
RACF uses the term LABEL and JKS uses the term ALIAS to reference the same artifact, so "label" and "alias" can be used interchangeably.
For example, for a GENCERT:
RACDCERT GENCERT CERTAUTH SUBJECTSDN(CN('CA for zosConnect') O('IBM') OU('zosConnect') C('US')) SIZE(2048) WITHLABEL('zosConnectCA') NOTAFTER(DATE(2029-12-31))
The ACF2 equivalent GENCERT is:
GENCERT CERTAUTH.zosConn SUBJ(CN='CA for zosConnect' O='IBM' OU='zosConnect' C=US) SIZE(2048) LABEL(zosConnectCA) EXPIRE(12/31/2029)
The command uses the following values:
CN('CA for zosConnect') O('IBM') OU('zosConnect') C('US') is an example distinguished name (DN) for the certificate.
c- Certificate Alias => zosConnectCA is the label or alias of the certificate.
For example, for a CONNECT:
RACDCERT ID(ZCSERV1) CONNECT(RING(Keyring.ZOSCONN) LABEL('zosConnectCA') CERTAUTH)
The ACF2 equivalent CONNECT is:
CONNECT USERID(ZCSERV1.cert) LABEL(zosConnectCA) KEYRING(ZCSERV1.ring) RINGNAME(Keyring.ZOSCONN) USAGE(CERTAUTH)
The command uses the following values:
a- Keyring User Name => ZCSERV1 is the user ID that owns the key ring (the ACF2 KEYRING record name is in the format userid.suffix).
b- Keyring Name => Keyring.ZOSCONN is the name of the key ring (ACF2 RINGNAME).
c- Certificate Alias => zosConnectCA is the label or alias of the certificate to be connected to the key ring (ACF2 certificate LABEL).