Procedure
To support RSA signature mode authentication in phase
1 negotiations, perform the following steps to give the IKE daemon
the required access to a RACF® key
ring:
- If they are not already defined, create the definitions
that are required to allow certificates to be stored and accessed
from the RACF database by issuing
the following TSO commands:
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
- To permit the IKED to the facilities, issue the following
TSO commands:
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(IKED) ACC(READ)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(IKED) ACC(READ)
- Refresh the FACILITY class:
SETROPTS RACLIST(FACILITY) REFRESH