Exporting Certificates from RACF

You can create and export certificates from RACF using the RACDCERT GENCERT and RACDCERT EXPORT commands respectively. You need to modify the parameters depending on your requirements. The following example assumes you are using your own Certificate Authority (CA).

The command to generate a certificate in RACF:

RACDCERT GENCERT ID(SITE) SUBJECTSDN(CN('CommonName') +
      OU('organizational-unit-name1') +
      OU('organizational-unit-name2') O('organization-name')) +
      SIZE(1024) NOTAFTER(DATE(yyyy-mm-dd)) +
      WITHLABEL('withlabel-name') +
      SIGNWITH(CERTAUTH LABEL('label-name')) +
      KEYUSAGE(DATAENCRYPT DOCSIGN HANDSHAKE)

The command to export the certificate from RACF:

RACDCERT EXPORT(LABEL('withlabel-name')) ID(SITE) +
         DSN('output-data-set-name') +
         FORMAT(PKCS12B64) PASSWORD('pass phrase')

Note: FORMAT(PKCS12B64) writes the output as a DER-encoded PKCS #12 package that has then been encoded using base64.

The PASSWORD parameter is the pass phrase used to encrypt the exported certificate.
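
A sanity check for the exported data set once it has been transferred off z/OS, as an added example (Python, not part of the original page or of RACF): it decodes the base64 text, accepts an EBCDIC copy left by a binary-mode transfer, and checks the outer PKCS #12 structure without needing the pass phrase. The function names and sample bytes are constructed for illustration, and the treatment of "-----" header lines is an assumption about the file layout.

```python
import base64

# DER encoding of the PKCS #7 "data" OID 1.2.840.113549.1.7.1
PKCS7_DATA_OID = bytes.fromhex("06092a864886f70d010701")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("data ends before a complete DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data (truncated?)")
    return tag, pos, pos + length

def decode_export(raw):
    """Convert transferred PKCS12B64 data set contents to DER bytes."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        # A binary-mode transfer leaves EBCDIC; the base64 alphabet is
        # encoded identically in cp037 and cp1047.
        text = raw.decode("cp037")
    # Assumption: any "-----BEGIN/END ...-----" armor lines are not payload.
    lines = [l for l in text.splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join("".join(lines).split()), validate=True)

def check_pfx(der):
    """Check the outer PFX: SEQUENCE { version 3, ContentInfo(data), ... }."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER SEQUENCE")
    tag, vs, ve = read_tlv(der, start)
    if tag != 0x02 or der[vs:ve] != b"\x03":
        raise ValueError("PFX version is not 3")
    tag, cs, ce = read_tlv(der, ve)
    if tag != 0x30 or not der[cs:ce].startswith(PKCS7_DATA_OID):
        raise ValueError("authSafe is not PKCS #7 data")
    return len(der)

# Constructed sample: an empty PFX skeleton (no keys or certificates).
SAMPLE_DER = bytes.fromhex("3016020103301106092a864886f70d010701a00404023000")
SAMPLE_EXPORT = base64.encodebytes(SAMPLE_DER)  # as a text-mode transfer yields

if __name__ == "__main__":
    print(check_pfx(decode_export(SAMPLE_EXPORT)), "bytes, outer PFX structure OK")
```

A ValueError from either function means the file should be transferred again before any import is attempted; a clean result covers only the outer framing, not the pass phrase or the contents.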