Use the following instructions to renew the Digicert Intermediate CA certificate (Broadcom Download Server certificate). The Digicert Intermediate CA certificate must be renewed by July 8, 2022.
These instructions apply to customers using:
Note: Chorus Software Manager users are not affected.
To ensure uninterrupted service before the existing certificate expires, complete the following steps to download and connect the new Digicert Intermediate CA certificate (Broadcom Download Server certificate) for SMP/E Internet Service Retrieval and FTP with SSL to transfer files:
Select the following link to download the new Broadcom Download Server certificate (CN=DigiCert TLS RSA SHA256 2020 CA1.O=DigiCert Inc.C=US) serial number 06D8D904D5584346F68A2FA754227EC4:
https://ftpdocs.broadcom.com/cadocs/0/certs/digi-inter-new/digicert_intermediate_2031.crt
This certificate will replace the old Digicert Intermediate CA certificate on July 8, 2022.
Note: For RECEIVE ORDER, you can continue to use your existing User and Root certificates. You are not required to download new User and Root certificates.
Note the location of the file on your workstation.
Upload the server certificate that you saved to your workstation to z/OS.
ASCII
QUOTE SITE WRAP LRECL=256 RECFM=VB
PUT cert_file_name 'your.zos.dataset.name' (REPLACE
The new Digicert Intermediate CA certificate is transferred to z/OS.
Configure your External Security Manager (ESM) ACF2, Top Secret, or IBM RACF to add the new Digicert Intermediate CA certificate to the keyring for SMP/E Receive Order and FTP with SSL to transfer files.
SET PROFILE(USER) DIV(CERTDATA)
INSERT CERTAUTH.yourcertname DSN('your.zos.dataset.name') -
LABEL(yourlabeldescription)
SET PROFILE(USER) DIV(KEYRING)
PROFILE
CONNECT CERTDATA(CERTAUTH.yournewDigicertIntermediateCAcertname) KEYRING(user1.ring) -
USAGE(CERTAUTH)
TSS ADD(CERTAUTH) DIGICERT(yournewDigicertIntermediateCAcertname) LABLCERT(yourlabelname) -
DCDSN('your.zos.dataset.name') TRUST
TSS ADD(user1) KEYRING(yourRingName) RINGDATA(CERTAUTH,yournewDigicertIntermediateCAcertname) -
USAGE(CERTAUTH)
RACDCERT CERTAUTH ADD('your.zos.dataset.name') +
WITHLABEL('your new Digicert Intermediate CA label') TRUST
RACDCERT ID(ring-owner) CONNECT( CERTAUTH LABEL('your new Digicert Intermediate CA certificate label') +
RING(keyringname) USAGE(CERTAUTH) )
When these steps are completed, you have renewed the Broadcom Download Server (Digicert Intermediate CA ) certificate. You can remove the old Digicert Intermediate CA certificate after July 8, 2022.
When the old Digicert Immediate CA certificate expires, you can remove it from your ACF2, Top Secret, or IBM RACF database. Do not complete this step until after July 8, 2022.
ACF
SET PROFILE(USER) DIV(CERTDATA)
REMOVE CERTDATA(userid1.suffix) KEYRING(userid2.suffix) RINGNAME(ringname)
TSS REMOVE(owningacid) KEYRING(keyring) RINGDATA(CERTAUTH,digicert)
RACDCERT REMOVE(CERTAUTH LABEL('label-name') RING(ringname))