Perform the following steps to set up a certificate in
the RACF® database for a CMP
requester.
Procedure
- Generate a certificate for the CMP requester in the RACF database, signed by a certificate
that is in the HTTP Server's key ring.
Example: RACDCERT ID(User123) GENCERT
SUBJECT(CN('Messager') OU('OrgUnitA') O('OrgA') C('AU'))
WITHLABEL('client') SIGNWITH(CERTAUTH LABEL('Master PKI CA'))
_______________________________________________________________
- Export the certificate and its private key to a data set.
Example: RACDCERT ID(User123) EXPORT(LABEL('client'))
DSN('User123.private.eecert') FORMAT(PKCS12B64)
PASSWORD('secret')
Tip: You could
use
FORMAT(PKCS12DER) if you do not plan to use copy
and paste operations to transport the certificate and private key
to the client system.
_______________________________________________________________
- Transport the certificate to the system where the CMP client will run.
You can do this using FTP, or perhaps by copy and paste operations,
depending on the CMP client software.
_______________________________________________________________
Results
When you are done, the client can make CMP requests to
PKI Services.