Steps for renewing your PKI Services RA certificate

Before you begin

The commands in the steps that follow include several variables. The following table describes these variables. Determine the values for these variables and record the information in the blank boxes:
Table 1. Information you need for renewing your PKI Services RA certificate
Information needed Where to find this information Record your value here
ca_label - The label of your CA certificate in RACF® See Table 1.  
daemon - The user ID of the PKI Services daemon. See Table 1.  
racert_dsn - The name of the data set to contain your new certificate request. You decide this based on local data set naming conventions.  
ra_label - The label of your RA certificate in RACF. See Table 1.  

Procedure

Perform the following steps to renew your PKI Services RA certificate:
  1. Create a new certificate request from your existing RA certificate by entering the following RACF command from a TSO command prompt: 
    RACDCERT ID(daemon) GENREQ(LABEL('ra_label')) DSN(racert_dsn)
  2. Create the renewed PKI Services certified RA certificate by entering the following RACF command from a TSO command prompt. The ra_expires variable indicates the new expiration date.
    RACDCERT ID(daemon) GENCERT(racert_dsn) NOTAFTER(DATE(ra_expires))
  SIGNWITH(CERTAUTH LABEL(‘ca_label’))
  3. Stop and restart PKI Services.
Parent topic: Renewing your PKI Services CA and RA certificates