SMP/E for z/OS User's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Enabling certificate authority certificates

SMP/E for z/OS User's Guide
SA23-2277-01

A certificate authority (CA) certificate is used to verify signatures in other certificates such as the server and user certificates. The IBM Automated Delivery Request server uses a server certificate signed by the GeoTrust certificate authority. Therefore, the GeoTrust CA certificate must be accessible in the RACF® data base during RECEIVE ORDER command processing so the server certificate can be verified.

The GeoTrust CA certificates are supplied by default in RACF. However, by default the supplied certificates are not trusted. Use the following RACF command to trust the GeoTrust CA certificate: 
   RACDCERT CERTAUTH +
   ALTER(LABEL('Equifax Secure CA')) TRUST
Note: Equifax was acquired by GeoTrust, and the server’s certificate was signed by Equifax before the company’s acquisition. Hence the misleading certificate name.
Connect the GeoTrust CA certificate to the user’s key ring using the following RACF command: 
   RACDCERT ID(ring-owner) CONNECT( CERTAUTH RING(keyringname) +
   LABEL('Equifax Secure CA') USAGE(CERTAUTH) )
where keyringname is the name for the key ring you choose in Creating key rings and ring-owner is the user ID that created the key ring.
Parent topic: Setting up z/OS security server RACF

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014