The IKE daemon and NSS server require the ability to retrieve
digital certificates associated with a particular identity from a RACF® key ring, and to perform operations
with the associated private key.
Procedure
Perform the following steps to migrate keys and certificates
that are stored in an existing z/OS® key
database into a RACF key ring:
1. Using gskkyman, export the certificate and private key
to a password-protected PKCS#12 file. For details on copying a certificate
with its private key, see z/OS Cryptographic Services System SSL Programming.
2. Copy the newly created PKCS#12 file to an MVS™ data set.
3. Use the RACDCERT command with the ADD operand to define
a certificate and private key. The data set that was created
in step 2 contains the certificate.
4. Use the RACDCERT command with the ADDRING operand to create
a new key ring in RACF.
5. Use the RACDCERT command with the CONNECT operand to add
the certificate and private key to one or more existing RACF key rings.
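
The TSO/E command sequence for steps 2 through 5, followed by a verification and cleanup pass, as an added example that is not part of the original page. The user ID IKED, the ring name IKEDRING, the certificate label, the file path and the data set name are assumed values, `<pkcs12-password>` is a placeholder for the password chosen during the gskkyman export, and OGET is one way to perform the copy in step 2.

```tso
/* Assumed names: user ID IKED, ring IKEDRING, label 'IKE Daemon Cert',  */
/* file /u/iked/ikecert.p12, data set IKED.IKECERT.P12.                  */

/* Step 2: binary copy of the PKCS#12 file into an MVS data set.         */
/* RACDCERT expects a cataloged sequential data set with RECFM=VB.       */
OGET '/u/iked/ikecert.p12' 'IKED.IKECERT.P12' BINARY

/* Step 3: add the certificate and its private key under the user ID     */
/* that the daemon runs as. PASSWORD is the PKCS#12 export password.     */
RACDCERT ID(IKED) ADD('IKED.IKECERT.P12') WITHLABEL('IKE Daemon Cert') PASSWORD('<pkcs12-password>') TRUST

/* Step 4: create the key ring, owned by the same user ID.               */
RACDCERT ID(IKED) ADDRING(IKEDRING)

/* Step 5: connect the certificate to the ring as a personal certificate */
/* so that its private key can be used through the ring.                 */
RACDCERT ID(IKED) CONNECT(ID(IKED) LABEL('IKE Daemon Cert') RING(IKEDRING) USAGE(PERSONAL))

/* Needed only when the DIGTCERT and DIGTRING classes are RACLISTed.     */
SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH

/* Check: the certificate listing should show that a private key is      */
/* present, and the ring listing should show the certificate connected.  */
RACDCERT ID(IKED) LIST(LABEL('IKE Daemon Cert'))
RACDCERT ID(IKED) LISTRING(IKEDRING)

/* Cleanup: the data set still holds a copy of the private key,          */
/* protected only by the PKCS#12 password. Remove it once the checks     */
/* pass, and remove the exported file from the z/OS UNIX file system.    */
DELETE 'IKED.IKECERT.P12'
```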