z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for renewing your PKI Services RA certificate

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

Before you begin

The commands in the steps that follow include several variables. The following table describes these variables. Determine the values for these variables and record the information in the blank boxes:
Table 1. Information you need for renewing your PKI Services RA certificate
Information needed Where to find this information Record your value here
ca_label - The label of your CA certificate in RACF® See Table 1.  
daemon - The user ID of the PKI Services daemon. See Table 1.  
racert_dsn - The name of the data set to contain your new certificate request. You decide this based on local data set naming conventions.  
ra_label - The label of your RA certificate in RACF. See Table 1.  

Procedure

Perform the following steps to renew your PKI Services RA certificate:
  1. Create a new certificate request from your existing RA certificate by entering the following RACF command from a TSO command prompt: 
    RACDCERT ID(daemon) GENREQ(LABEL('ra_label')) DSN(racert_dsn)
  2. Create the renewed PKI Services certified RA certificate by entering the following RACF command from a TSO command prompt. The ra_expires variable indicates the new expiration date.
    RACDCERT ID(daemon) GENCERT(racert_dsn) NOTAFTER(DATE(ra_expires))
  SIGNWITH(CERTAUTH LABEL(‘ca_label’))
  3. Stop and restart PKI Services.
Parent topic: Renewing your PKI Services CA and RA certificates

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014