Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Using RACF to obtain a certificate for the Web server z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
The IBM HTTP Server supports
using either gskkyman key databases (.kdb files)
or RACF® (SAF) key rings for
the server's certificate store. You are expected to use SAF key rings
if setting up their Web server for the first time.
Note: If you have
already set up your Web server using gskkyman, you can continue to
use it.
Use RACDCERT to generate the server certificate signed by the new Certificate Authority. Example:
The Web server needs a key ring containing its new certificate and any trusted CA certificate. The RACDCERT command with operands ADDRING and CONNECT also sets this up. For example, the RACDCERT commands to create a key ring called SSLring for user ID WEBSRV and to connect the Web server and CA certificates to it are: Example:
Export the CA certificate to an MVS™ data set. Then OPUT it to an file system file so that it can be made available to your clients. Example:
|
Copyright IBM Corporation 1990, 2014
|