Before you begin
The RACF® database provides digital certificate and key ring support through the RACDCERT command. The administrator who is responsible for managing the RACF key ring for the IKED needs appropriate access to this command.
Procedure
Perform the following steps to define profiles to control access to this command:
- If they are not already defined, create the definitions that are required to control access to the basic RACDCERT actions by issuing the following TSO commands:
RDEFINE FACILITY IRR.DIGTCERT.ADD UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.ADDRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.CONNECT UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.GENCERT UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.GENREQ UACC(NONE)
- Issue the following TSO commands (where userid is the ID of the person who will be executing the RACDCERT command to manage digital certificates):
PERMIT IRR.DIGTCERT.ADD CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.ADDRING CLASS(FACILITY) ID(userid) ACC(UPDATE)
PERMIT IRR.DIGTCERT.CONNECT CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.GENREQ CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(userid) ACC(UPDATE)
- Refresh the FACILITY class:
SETROPTS RACLIST(FACILITY) REFRESH
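
The following is an added example, not part of the original procedure: a small Python check that parses the command list above and reports any RDEFINE whose UACC is not NONE, any PERMIT whose profile the script itself does not define, and a missing FACILITY refresh after the last change. The function name review and the wording of the findings are assumptions of this example.

```python
import re

# The commands from the procedure above, verbatim ("userid" is the page's placeholder).
PROCEDURE = """\
RDEFINE FACILITY IRR.DIGTCERT.ADD UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.ADDRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.CONNECT UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.GENCERT UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.GENREQ UACC(NONE)
PERMIT IRR.DIGTCERT.ADD CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.ADDRING CLASS(FACILITY) ID(userid) ACC(UPDATE)
PERMIT IRR.DIGTCERT.CONNECT CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.GENREQ CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(userid) ACC(CONTROL)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(userid) ACC(UPDATE)
SETROPTS RACLIST(FACILITY) REFRESH
"""

RDEFINE_RE = re.compile(r"RDEFINE\s+FACILITY\s+(\S+)\s+UACC\((\w+)\)$")
PERMIT_RE = re.compile(r"PERMIT\s+(\S+)\s+CLASS\(FACILITY\)\s+ID\((\S+)\)\s+ACC\((\w+)\)$")
REFRESH = "SETROPTS RACLIST(FACILITY) REFRESH"

def review(script):
    """Parse a RACF command script; return (defined, permits, findings)."""
    lines = [ln.strip() for ln in script.splitlines() if ln.strip()]
    defined, permits, findings, last_change = {}, [], [], -1
    for i, line in enumerate(lines):
        if m := RDEFINE_RE.match(line):
            defined[m.group(1)] = m.group(2)
            last_change = i
            if m.group(2) != "NONE":
                findings.append((m.group(1), "UACC is not NONE"))
        elif m := PERMIT_RE.match(line):
            permits.append(m.groups())  # (profile, id, access)
            last_change = i
    for profile, _id, _acc in permits:
        # A PERMIT needs an existing profile; if this script does not create it,
        # confirm it on the system first (for example with RLIST FACILITY <profile>).
        if profile not in defined:
            findings.append((profile, "no RDEFINE in this script"))
    if REFRESH not in lines[last_change + 1:]:
        findings.append(("FACILITY", "no refresh after the last profile change"))
    return defined, permits, findings

if __name__ == "__main__":
    for target, issue in review(PROCEDURE)[2]:
        print(f"{target}: {issue}")
```

Run against the list above, it reports IRR.DIGTCERT.LIST and IRR.DIGTCERT.LISTRING, which are permitted in the second step but not created in the first; verify that those profiles already exist before issuing the PERMIT commands.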