Exporting the certificate from IMS Connect

Use the RACDCERT command to export the certificate to a data set.

The certificate for IMS Connect is generated by using the RACDCERT GENCERT command. To export the certificate from IMS Connect:

  1. Determine the certificate authority to use.
    You can use the DA option in the System Display and Search Facility (SDSF) to locate the IMS Connect that has been set up for SSL. Use the display output to determine the owner that is associated with the PROC.
  2. From TSO, issue the RACDCERT command by using the associated owner of the PROC in the ID value.
    To issue the RACDCERT command, you must have sufficient authority for the specific RACDCERT function. For more information, see the topic on RACDCERT (Manage RACF® digital certificates) in z/OS® V2R1 Cryptographic Services ICSF Administrator's Guide.

    For NIST 800-131a, the RSA key must be generated with at least 2048 bits by specifying SIZE(2048) with the RACDCERT GENCERT command.

  3. Create a data set to export the certificate authority CERTAUTH for IMS Connect.
    if the digital ring information is as follows: 
    Ring:                                                                   
       	>IMSConnKeyring<                                                   
  	Certificate Label Name             Cert Owner     USAGE      DEFAULT    
  	--------------------------------   ------------   --------   -------    
  	IMS Connect Certauth               CERTAUTH       CERTAUTH     NO       
  	IMS Connect User Cert              ID(IMSCONN)    PERSONAL     YES
    The corresponding TSO command to export the Certificate Authority CERTAUTH into the IMSCONN.CERTBIN data set is:
    RACDCERT CERTAUTH EXPORT(LABEL('IMS Connect Certauth'))
DSN('IMSCONN.CERTBIN') FORMAT(CERTDER)
  4. From TSO, copy the data set to the HFS system.
    The following example copies the data set to an imsconn.cer certificate.
    OPUT 'IMSCONN.CERTBIN' '/u/userID/imsconn.cer' binary convert(no)