Before a client (the CMP requester) can make requests to PKI Services through CMP, the client must have a certificate installed in the RACF® database under the client's RACF user ID. The certificate is used by the requester to authenticate the client, and the client's user ID is used to access the PKI Services functions. It must be signed by a CA certificate that is connected to the HTTP Server's key ring.

There are several ways to set up the client certificate. For example, you can have it generated elsewhere (not by PKI Services) and add it to the RACF database using the RACDCERT ADD command. Alternatively, you can generate the certificate yourself and add it to the RACF database using RACDCERT commands. The following instructions illustrate the latter approach.