Procedure
Perform the following steps to
customize a unique execution of the IKYSETUP REXX exec for this new CA domain.
- Locate the IKYSETUP exec you originally customized for your initial
CA domain and copy it to a data set member that you can edit.
_______________________________________________________________
- Edit the new copy of IKYSETUP and set the ca_domain variable
to the name of this new CA domain. Type the domain name preserving
the case of each character as you wish it to appear in Web page URLs.
_______________________________________________________________
- If you intend to have a dedicated set of administrators for each
CA domain, customize the following variables with your values for
this CA domain.
_______________________________________________________________
- (Optional) If you are creating multiple CAs as part
of a certificate hierarchy where a previous CA domain is to be superior
(as issuer or signer) of this CA domain, set signing_ca_label to
match the label of the certificate in RACF® that
will issue the certificate for this CA domain.
Otherwise, skip
to Step 5 and leave signing_ca_label="" (the
default).
_______________________________________________________________
- Update any other values, such as ca_dn and ra_dn,
that you choose to differ from your initial settings or the defaults.
You
need not change any values in this step unless you choose to
set these values to something particular for your installation. (This
is because when you specify a ca_domain value, the
IKYSETUP exec automatically qualifies any value that PKI Services requires
to be unique by adding the CA domain name.)
_______________________________________________________________
- Execute IKYSETUP by entering the following TSO command:
EX 'data-set-name(new-member-name)' 'RUN(NO)'
_______________________________________________________________
- Review the log data set to ensure that the commands created by
IKYSETUP match your expectations. (For more information about these
commands, see Actions IKYSETUP performs by issuing RACF commands.) Edit again as needed
and rerun.
_______________________________________________________________
- When you are satisfied with the commands and information in the
log data set, rerun the IKYSETUP exec by entering the following TSO
command:
EX 'data-set-name(new-member-name)' 'RUN(YES)'
_______________________________________________________________
- Check your IKYSETUP log and record the name of the SAF key ring
(your ca_ring value).
Name of the SAF key ring:
_______________________________________________________________
When you are done: You
have customized and run the IKYSETUP exec for this CA domain. Record
your progress in
Table 1.
Continue
to the next subtask. Guideline: Complete all subtasks for this
new CA domain and ensure that it operates properly before adding another
CA domain.