Perform the following steps to set up a certificate in
the RACF® database for a CMP
requester.
Procedure
- Generate a certificate for the CMP requester in the RACF database, signed by a certificate
that is in the HTTP Server's key ring.
Example: RACDCERT ID(User123) GENCERT
SUBJECT(CN('Messager') OU('OrgUnitA') O('OrgA') C('AU'))
WITHLABEL('client') SIGNWITH(CERTAUTH LABEL('Master PKI CA'))
_______________________________________________________________
- Export the certificate and its private key to a data set.
Example: RACDCERT ID(User123) EXPORT(LABEL('client'))
DSN('User123.private.eecert') FORMAT(PKCS12B64)
PASSWORD('secret')
Tip: You
could use
FORMAT(PKCS12DER) if you don't plan to
use copy and paste operations to transport the certificate and private
key to the client system.
_______________________________________________________________
- Transport the certificate to the system where the CMP client
will run. You can do this using FTP, or perhaps by copy and paste
operations, depending on the CMP client software.
_______________________________________________________________
Results
When you are done, the client can make CMP requests to
PKI Services.