Subtask 8: Steps for starting PKI Services
Before you begin
This procedure requires you to be familiar with the information in Starting and stopping PKI Services. There are more details about the following steps there.Procedure
- Start the PKI Services daemon for this CA domain by entering the MVS™ console START command qualified with the
appropriate runtime directory. (Check Table 1.)Example:
Guideline: To simplify your environment, give this instance of PKI Services a JOBNAME that matches or relates to this CA domain name. When you add additional CA domains, it is easier to distinguish multiple jobs running PKI Services.S PKISERVD,JOBNAME=EMPLOYEE,DIR='/etc/pkiserv/employees'
_______________________________________________________________
- Restart the HTTP servers to enable the environment
variables you changed for this CA domain. Optionally, you can wait
to do this until after you have started all the new domain-specific
daemons.
ThenS WEBSRV1,ACTION=’stop’
S WEBSRV1
_______________________________________________________________
- Test that your new domain-specific PKI Services daemon
is functioning properly. Go to your web pages by entering the following
URL from your browser:
http://<webserver-fully-qualified-domain-name>/<new-admin-domain-name>/public-cgi/camain.rexx
The webserver-fully-qualified-domain-name is the common name (CN) portion of the web server's distinguished name; see Table 1.
You should be able to go through your web pages to request, retrieve, and revoke an applicable certificate for this CA domain, possibly "PKI browser certificate for authenticating to z/OS®". Ensure you can do this before adding new CA domains.
_______________________________________________________________
Once your new CA domain works properly, proceed to add another CA domain, if needed. Guideline: Perform Subtasks 3 - 8 for each new CA domain and ensure that the new CA domain operates properly before proceeding to add another.