Steps for renewing your PKI Services RA certificate
Before you begin
The commands in the steps
that follow include several variables. The following table describes
these variables. Determine the values for these variables and record
the information in the blank boxes:
Information needed | Where to find this information | Record your value here |
---|---|---|
ca_label - The label of your CA certificate in RACF® | See Table 1. | |
daemon - The user ID of the PKI Services daemon. | See Table 1. | |
racert_dsn - The name of the data set to contain your new certificate request. | You decide this based on local data set naming conventions. | |
ra_label - The label of your RA certificate in RACF. | See Table 1. |
Procedure
Perform the following steps to
renew your PKI Services RA
certificate:
- Create a new certificate request from your existing
RA certificate by entering the following RACF command from a TSO command prompt:
RACDCERT ID(daemon) GENREQ(LABEL('ra_label')) DSN(racert_dsn)
- Create the renewed PKI Services certified
RA certificate by entering the following RACF command from a TSO command prompt. The ra_expires variable
indicates the new expiration date.
RACDCERT ID(daemon) GENCERT(racert_dsn) NOTAFTER(DATE(ra_expires)) SIGNWITH(CERTAUTH LABEL(‘ca_label’))
- Stop and restart PKI Services.