You need to perform this task only if you are configuring PKI Services for the
first time or adding a new CA domain.
Before you begin
Replace
the following default values (used in the command examples) with values
appropriate for your configuration:
| Default value |
Your value |
|---|
| PKISRVD |
Use your daemon value in Table 1. |
| 'pkisrvd.webroot.derbin' |
Use your export_dsn value in Table 1. |
| /var/pkiserv |
Guideline: Use your ca_domain value
from Table 1 to
qualify the directory location if you are adding a new CA domain.
For example, /var/pkiserv/employees. |
Procedure
Perform the following steps to
set up a UNIX directory and
copy certain files that PKI Services needs into that directory:
- Change ownership of the directory to the user ID of the PKI Services
daemon by entering the following command from the UNIX command line:
Example: chown PKISRVD /var/pkiserv
_______________________________________________________________
- Copy the Web Server root certificate from its MVS™ data set to cacert.der in
the /var/pkiserv directory by entering the following
command from the UNIX command
line:
Example: cp "//'pkisrvd.webroot.derbin'" /var/pkiserv/cacert.der
_______________________________________________________________
- Change the permission settings of the file by entering the following
command from the UNIX command
line:
Example: chmod 644 /var/pkiserv/cacert.der
_______________________________________________________________
- Change the ownership of the file by entering the following
command from the UNIX command
line:
Example: chown pkisrvd /var/pkiserv/*
_______________________________________________________________
z/OS Cryptographic Services PKI Services Guide and Reference
Copyright IBM Corporation 1990, 2014