Enabling the NSSD to generate hash and URL certificate encoding

To enable the NSSD to generate hash and URL certificate encoding, perform the following steps:

  1. Export the certificates in CERTDER format from RACF®.

    Use the RACDCERT EXPORT command with the CERTDER format option to create a data set that contains the binary DER encoding of a certificate on a key ring. If the HTTP server is running on the local system, copy the data set to the location specified by the CertificateURL parameter value. If the HTTP server is running on a remote system, transfer the data set to the appropriate location using a utility such as FTP. For more details about the RACDCERT command, see z/OS Security Server RACF Command Language Reference.

    Tip: Do not export the private key when you export the certificate from RACF.

  2. Populate the HTTP server with exported certificates.
  3. Identify the resources to the NSSD using the CertificateURL parameter.

    The CertificateURL parameter in the configuration file of the NSS server associates a certificate on the key ring of the NSS server with a URL that identifies an HTTP server and a file on that server that contains the binary DER encoding of the certificate. For more details about the CertificateURL parameter, see z/OS Communications Server: IP Configuration Reference.

  4. Create the certificate bundles that you need by issuing the certbundle command.

    Use the certbundle command to create a file or data set that contains a certificate bundle. If the HTTP server is running on the local system, copy the file or data set to the location specified by the CertificateBundleURL parameter value. If the HTTP server is running on a remote system, transfer the file or data set to the appropriate location using a utility such as FTP. For more details about the certbundle command, see z/OS Communications Server: IP System Administrator's Commands. For more details about creating certificate bundles, see Creating certificate bundles.

  5. Populate the HTTP server with the certificate bundle files.
  6. Identify the resources to the NSSD using the CertificateBundleURL parameter.

    The CertificateBundleURL parameter in the configuration file of the network security server associates a certificate on the key ring of the network security server with a URL that identifies an HTTP server and a file on that server that contains the certificate in a certificate bundle. For more details about the CertificateBundleURL parameter, see z/OS Communications Server: IP Configuration Reference.
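
The following is an added example, not part of the IBM documentation: a check to run on each file exported in step 1 before it is placed on the HTTP server. In IKEv2 (RFC 7296) the hash and URL encoding carries a SHA-1 hash of the DER-encoded certificate together with its URL, so the served file must be the exact binary DER and nothing else. The function names and sample byte strings are constructed for illustration.

```python
import hashlib

def _der_len(buf: bytes, off: int):
    """Parse a DER length at buf[off]; return (content_length, content_offset)."""
    first = buf[off]
    if first < 0x80:                       # short form
        return first, off + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or off + 1 + n > len(buf):
        raise ValueError("bad or truncated DER length")
    return int.from_bytes(buf[off + 1:off + 1 + n], "big"), off + 1 + n

def check_published_cert(data: bytes):
    """Return (True, sha1_hex) if data is shaped like one binary DER
    certificate, otherwise (False, reason)."""
    if b"-----BEGIN" in data:
        return False, "PEM text, not binary DER"
    if len(data) < 4 or data[0] != 0x30:
        return False, "does not start with a DER SEQUENCE"
    try:
        length, body = _der_len(data, 1)
    except ValueError as exc:
        return False, str(exc)
    if body + length != len(data):
        # Typical after a text-mode (non-binary) transfer or a partial copy.
        return False, "length mismatch: truncated, padded or altered in transfer"
    if body >= len(data) or data[body] != 0x30:
        # A certificate starts with the tbsCertificate SEQUENCE; PKCS#12 and
        # PKCS#8 private key structures start with an INTEGER version instead.
        return False, "first element is not tbsCertificate; PKCS#12 or key file?"
    return True, hashlib.sha1(data).hexdigest()

# Constructed samples: correct outer shape only, not real certificates.
_TBS = b"\x30\x82\x01\x00" + bytes(256)           # placeholder tbsCertificate
SAMPLE_CERT = b"\x30\x82\x01\x04" + _TBS           # outer SEQUENCE, 260-byte body
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
SAMPLE_KEYLIKE = b"\x30\x03\x02\x01\x03"           # SEQUENCE { INTEGER 3 }

if __name__ == "__main__":
    for name, blob in [("cert", SAMPLE_CERT), ("pem", SAMPLE_PEM),
                       ("truncated", SAMPLE_CERT[:-1]), ("keylike", SAMPLE_KEYLIKE)]:
        print(name, check_published_cert(blob))
```

Running the same check on the bytes fetched back from the CertificateURL location and comparing the two digests confirms that the HTTP server returns the file unmodified.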