ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

RACF Certificate commands to Top Secret Commands

book

Article ID: 200681

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

 Convert RACF commands to create certificates.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

RACDCERT CERTAUTH GENCERT SUBJECTSDN(CN('CDPz CA Certification')) 
         WITHLABEL('HBOCA') TRUST NOTAFTER(DATE(2023/12/31))      
***Create the Certificate Authority certificate***

TSS GENCERT(CERTAUTH) DIGICERT(HBOCA) SUBJECTN('CN="CDPz CA Certification"') LABLCERT('HBOCA') NADATE(12/31/2023) TRUST
-------------------------------------------------------------------------------

RACDCERT ID (HBOSTCID) GENCERT SUBJECTSDN(CN('CDPz DEFAULT CERT'))
         WITHLABEL('HBODefaultCert') SIGNWITH(CERTAUTH LABEL('HBOCA'))        
         NOTAFTER(DATE(2023/12/31))  
***Create the User Certificate and ign it with the CA Certificate***

TSS GENCERT(HBOSTCID) DIGICERT(HBOCERT) SUBJECTN('CN="CDPz DEFAULT CERT"') LABLCERT('HBODefaultCert') SIGNWITH(CERTAUTH,HBOCA) NADATE(12/31/2023) TRUST 
---------------------------------------------------------------------------------
             
RACDCERT ADDRING(HBO.Keyring.DFLT) ID(HBOSTCID)   
***Create the Keyring***

TSS ADD(HBOSTCID) KEYRING(HBORING) LABLRING('HBO.Keyring.DFLT')
----------------------------------------------------------------------------------
                
RACDCERT ID(HBOSTCID) CONNECT (LABEL('HBODefaultCert') RING(HBO.Keyring.DFLT) DEFAULT)    
***ADD the USER Certificate to the Keyring***

TSS ADD(HBOSTCID) KEYRING(HBORING) RINGDATA(HBOSTCID,HBOCERT) DEFAULT USAGE(PERSONAL)
**Note, the commands do not state whether they want this certificate to be USAGE(PERSONAL) or USAGE(CERTAUTH).  It is common practice to have USAGE(PERSONAL) but there are times that USAGE(CERTAUTH) is used on both CA certificate and the USER/PERSONAL/SITE certificate.  USER/PERSONAL/SITE all refer to the same type of certificate.***
----------------------------------------------------------------------------------
                      
RACDCERT ID(HBOSTCID) CONNECT (LABEL('HBOCA')                     
         RING(HBO.Keyring.DFLT) CERTAUTH)
***ADD the CA Certificate to the KEYRING***

TSS ADD(HBOSTCID) KEYRING(HBORING) RINGDATA(CERTAUTH,HBOCA) USAGE(CERTAUTH)