Step 1: Define RACF facilities and access controls

Procedure

To support RSA signature mode authentication in phase 1 negotiations, perform the following steps to give the IKE daemon the required access to a RACF® key ring:

  1. If they are not already defined, create the definitions that are required to allow certificates to be stored and accessed from the RACF database by issuing the following TSO commands:
    RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
    RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
  2. To permit the IKE daemon's ID (IKED) READ access to these facilities, issue the following TSO commands:
    PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(IKED) ACC(READ)
    PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(IKED) ACC(READ)
  3. Refresh the FACILITY class:
    SETROPTS RACLIST(FACILITY) REFRESH
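
To confirm the result of steps 1 to 3, the output of RLIST FACILITY IRR.DIGTCERT.LISTRING AUTHUSER (and the same for IRR.DIGTCERT.LIST) can be checked against the intended state: UACC(NONE) and READ for IKED. The following Python sketch is an added example, not part of the original procedure. The SAMPLE listing is constructed and simplified, its column layout is an assumption, and SECADM is a hypothetical owner ID. Reporting other access-list entries for review is also an assumption of this example.

```python
# Added example: audit one profile's RLIST ... AUTHUSER listing.
# SAMPLE is constructed and simplified; the column layout is an assumption.
ACCESS_RANK = {"NONE": 0, "EXECUTE": 1, "READ": 2,
               "UPDATE": 3, "CONTROL": 4, "ALTER": 5}

SAMPLE = """\
CLASS      NAME
-----      ----
FACILITY   IRR.DIGTCERT.LISTRING

LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    SECADM          NONE              ALTER    NO

USER      ACCESS   ACCESS COUNT
----      ------   ------ -----
IKED      READ        000000
"""

def parse_rlist(text):
    """Return (profile, uacc, {id: access}) from one profile's listing."""
    lines = text.splitlines()
    profile, uacc, acl = None, None, {}
    for i, line in enumerate(lines):
        head = line.split()
        if head[:2] == ["CLASS", "NAME"]:
            profile = lines[i + 2].split()[1]   # data row follows the dashes
        elif "UNIVERSAL ACCESS" in line:
            uacc = lines[i + 2].split()[2]      # LEVEL, OWNER, then UACC
        elif head[:2] == ["USER", "ACCESS"]:
            for entry in lines[i + 2:]:
                fields = entry.split()
                if len(fields) < 2 or fields[1] not in ACCESS_RANK:
                    break                       # end of the access list
                acl[fields[0]] = fields[1]
    return profile, uacc, acl

def audit(text, daemon="IKED"):
    """List deviations from the state that steps 1 to 3 set up."""
    profile, uacc, acl = parse_rlist(text)
    findings = []
    if uacc != "NONE":
        findings.append(f"{profile}: UACC is {uacc}, expected NONE")
    if ACCESS_RANK[acl.get(daemon, "NONE")] < ACCESS_RANK["READ"]:
        findings.append(f"{profile}: {daemon} lacks READ")
    for ident, access in acl.items():
        if ident != daemon:                     # not an error, only a prompt
            findings.append(f"{profile}: review entry {ident}={access}")
    return findings
```

An empty list from audit() means the listing matches what this step configures.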