Steps for recovering a CA certificate profile
Before you begin
The commands in the steps that follow include several variables. Table 1 describes these variables. Determine the values for these variables and record the information in the blank boxes:
| Information needed | Where to find this information | Record your value here |
|---|---|---|
| backup_dsn - The name of the data set containing the backup copy of your original CA certificate and its private key | See Table 1. | |
| cacert_dsn - The data set name of your CA certificate as exported from RACF® | ||
| ca_label - The label of your CA certificate in RACF | See Table 1. | |
| ca_ring - The PKI Services SAF key ring | See Table 1. | |
| daemon - The user ID for the PKI Services daemon | See Table 1. | |
| your-passphrase - The passphrase you used when backing up the private key | You specified this when running IKYSETUP. |
Procedure
Perform the following steps to
recover a CA certificate profile:
- Issue the following TSO commands: Notes:
- If you are not using ICSF, omit the ICSF keyword on the first ADD command.
- If your CA certificate has been renewed, the second ADD command recovers the most current version using the saved CA certificate. If your certificate has not been renewed, you can omit the second ADD command. For information about renewing your CA certificate, see Renewing your PKI Services CA and RA certificates.
RACDCERT CERTAUTH ADD(backup_dsn) PASSWORD(your-passphrase) WITHLABEL('ca_label') ICSF RACDCERT CERTAUTH ADD(cacert_dsn) RACDCERT ID(daemon) CONNECT(CERTAUTH LABEL('ca_label') RING(ca_ring) USAGE(PERSONAL) DEFAULT)