If you need to migrate keys and certificates stored in an existing key database into a RACF® key ring, follow these steps:
1. Export the certificate/private key to a password-protected PKCS #12 file using gskkyman. See "Copying a certificate with its private key" for details on the steps for exporting certificates/private keys to a PKCS #12 file.
2. Copy the newly created PKCS #12 file to a z/OS® data set.
3. Use the RACDCERT command with the ADD operand and the data set name created in step 2 to add the certificate/private key to the RACF database. The certificate should be added as TRUSTED. If the private key is to be stored in the ICSF PKDS, the ICSF keyword also needs to be specified on the RACDCERT command.
4. Use the RACDCERT command with the ADDRING operand to create a new key ring in RACF. Use the RACDCERT command with the CONNECT operand to add the certificate/private key to one or more existing RACF key rings.
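
The copy, RACDCERT ADD, ADDRING and CONNECT steps above can be run as one REXX exec under TSO/E. This is an added example, not part of the original documentation; the user ID, file path, data set name, certificate label and ring name are constructed placeholders, and the exec assumes the PKCS #12 file was already exported with gskkyman.

```rexx
/* REXX - added example: copy the PKCS #12 export and load it into RACF  */
/* Every value below is a constructed placeholder; substitute your own.  */
owner  = 'WEBSRV'                /* assumed user ID that owns the cert   */
p12hfs = '/u/websrv/server.p12'  /* assumed path of the gskkyman export  */
p12dsn = 'WEBSRV.SERVER.P12'     /* assumed target data set name         */
label  = 'Server Cert'           /* assumed certificate label            */
ring   = 'WEBSRVRING'            /* assumed key ring name                */

/* Prompt for the PKCS #12 password rather than storing it in the exec.  */
/* Parse Pull keeps the case as typed; the input is echoed on screen.    */
Say 'Enter the PKCS #12 export password:'
Parse Pull p12pw

/* Copy the file to a data set in binary mode. RACDCERT expects a        */
/* cataloged sequential data set with RECFM=VB.                          */
Call run "OGET '"p12hfs"' '"p12dsn"' BINARY"

/* Add the certificate and private key as TRUSTED. Append the ICSF       */
/* keyword if the private key is to be stored in the ICSF PKDS.          */
Call run "RACDCERT ID("owner") ADD('"p12dsn"') TRUST",
         "WITHLABEL('"label"') PASSWORD('"p12pw"')"

/* Create the key ring, then connect the certificate to it.              */
Call run "RACDCERT ID("owner") ADDRING("ring")"
Call run "RACDCERT ID("owner") CONNECT(ID("owner") LABEL('"label"')",
         "RING("ring") USAGE(PERSONAL) DEFAULT)"

/* Check: the ring listing should show the label with PERSONAL usage.    */
Call run "RACDCERT ID("owner") LISTRING("ring")"
Exit 0

/* Issue one TSO command and stop at the first failure. Only the first   */
/* two words are reported so the password never appears in the message.  */
run: Procedure
  Parse Arg cmd
  Address TSO cmd
  If rc <> 0 Then Do
    Say 'Command failed, RC='rc':' Word(cmd, 1) Word(cmd, 2)
    Exit 8
  End
  Return
```

The PKCS #12 file and the data set still contain the private key after the import, so remove them once LISTRING shows the certificate connected. If the DIGTCERT and DIGTRING classes are RACLISTed, issue SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH before applications use the ring.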