EKMF RACF Digital Certifcate command coversion to Top Secret TSS commands.
Release : 16.0
TSS PER(LIBSRV) IBMFAC(IRR.DIGTCERT) ACC(CONTROL)
TSS GENCERT(CERTAUTH) DIGICERT(EKMFCA) SUBJECTN('CN="EKMF Web CA" OU="Liberty" O="IBM"') LABLCERT('EkmfWebLibertyCA') NADATE(12/31/28) KEYSIZE(2048)
TSS GENCERT(LIBSRV) DIGICERT(EKMFSRV) SUBJECTN('CN="www.example.com" OU="Liberty" O="IBM"') LABLCERT('EkmfWebLibertyServer') SIGNWITH(CERTAUTH,EKMCA) NADATE(12/31/28) KEYSIZE(2048)
TSS GENCERT(LIBSRV) DIGICERT(EKMFOPID) SUBJECTN('CN="EkmfWebLibertyOpenID" OU="Liberty" O="IBM"') LABLCERT('EkmfWebLibertyOpenID') SIGNWITH(CERTAUTH,EKMFCA) NADATE(12/31/28) KEYSIZE(2048)
TSS ADD(LIBSRV) KEYRING(EKMFRING) LABLRING('EkmfKeyRing')
TSS ADD(LIBSRV) KEYRING(EKMFRING) RINGDATA(LIBSRV,EKMFSRV) USAGE(PERSONAL)
TSS ADD(LIBSRV) KEYRING(EKMFRING) RINGDATA(CERTAUTH,EKMFCA) USAGE(CERTAUTH)
TSS ADD(LIBSRV) KEYRING(EKMFRING) RINGDATA(LIBSRV,EKMFOPID) USAGE(PERSONAL)
TSS EXPORT(CERTAUTH) DIGICERT(EKMFCA) DCDSN('HLQ.LIBSRV.CERT') FORMAT(CERTDER)
TSS ADD(owning_acid) RDATALIB(LIBSRV)
TSS PER(LIBSRV) RDATALIB(LIBSRV) ACC(READ)
Please see knowledge document "EKMF Security Setup for Top Secret" for setting up Top Secret to secure EKMF.