z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Migrating key database files to RACF key rings

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

If you need to migrate keys and certificates stored in an existing key database into a RACF® key ring, follow these steps:
  1. Export the certificate/private key to a password protected PKCS #12 file using gskkyman. See Copying a certificate with its private key for details on the steps for exporting certificates/private keys to a PKCS #12 file.
  2. Copy the newly created PKCS #12 file to a z/OS® data set.
  3. Use the RACDCERT command with the ADD operand and the data set name created in step 2 to add the certificate/private key to the RACF database. The certificate should be added as TRUSTED. If the private key is to be stored in the ICSF PKDS, the ICSF keyword also needs to be specified on the RACDCERT command.
  4. Use the RACDCERT command with the ADDRING operand to create a new key ring in RACF. Use the RACDCERT command with the CONNECT operand to add the certificate/private key to one or more existing RACF key rings.
Parent topic: gskkyman interactive mode examples

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014