Translation of EKMF RACF digital certificate commands to Top Secret
search cancel

Translation of EKMF RACF digital certificate commands to Top Secret

book

Article ID: 254348

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

EKMF RACF Digital Certifcate command coversion to Top Secret TSS commands.

Environment

Release : 16.0

Resolution

TSS PER(LIBSRV) IBMFAC(IRR.DIGTCERT) ACC(CONTROL)
TSS GENCERT(CERTAUTH) DIGICERT(EKMFCA) SUBJECTN('CN="EKMF Web CA" OU="Liberty" O="IBM"') LABLCERT('EkmfWebLibertyCA') NADATE(12/31/28) KEYSIZE(2048)
TSS GENCERT(LIBSRV) DIGICERT(EKMFSRV) SUBJECTN('CN="www.example.com" OU="Liberty" O="IBM"') LABLCERT('EkmfWebLibertyServer') SIGNWITH(CERTAUTH,EKMCA) NADATE(12/31/28) KEYSIZE(2048)
TSS GENCERT(LIBSRV) DIGICERT(EKMFOPID) SUBJECTN('CN="EkmfWebLibertyOpenID" OU="Liberty" O="IBM"') LABLCERT('EkmfWebLibertyOpenID') SIGNWITH(CERTAUTH,EKMFCA) NADATE(12/31/28) KEYSIZE(2048)
TSS ADD(LIBSRV) KEYRING(EKMFRING) LABLRING('EkmfKeyRing')
TSS ADD(LIBSRV) KEYRING(EKMFRING) RINGDATA(LIBSRV,EKMFSRV) USAGE(PERSONAL)
TSS ADD(LIBSRV) KEYRING(EKMFRING) RINGDATA(CERTAUTH,EKMFCA) USAGE(CERTAUTH) 
TSS ADD(LIBSRV) KEYRING(EKMFRING) RINGDATA(LIBSRV,EKMFOPID) USAGE(PERSONAL) 
TSS EXPORT(CERTAUTH) DIGICERT(EKMFCA) DCDSN('HLQ.LIBSRV.CERT') FORMAT(CERTDER)
TSS ADD(owning_acid)  RDATALIB(LIBSRV)
TSS PER(LIBSRV) RDATALIB(LIBSRV) ACC(READ)

Additional Information

Please see knowledge document "EKMF Security Setup for Top Secret"  for setting up Top Secret to secure EKMF.