Convert RACF Commands To CA Top Secret TSS Commands For TN3270 TLS

Document ID : KB000053858
Last Modified Date : 14/02/2018

Description:

IBM provides the following example to create the key ring and certificates for TN3270 TLS.

racdcert certauth gencert -
subjectsdn( o('IBM Corporation') -
ou('ITSO Certificate Authority') -
C('US')) -
NOTBEFORE(DATE(2007-09-11)) -
NOTAFTER(DATE(2008-09-11)) -
keyusage(certsign) -
withlabel('CS19 ITSO CA1')

setropts raclist(facility) refresh

racdcert certauth list

racdcert site gencert subjectsdn(cn('ITSO.IBM.COM') -
o('IBM Corporation') -
ou('ITSO CS19 Shared SITE') -
C('US')) -
withlabel('CS19 ITSO SharedSite1') -
signwith(certauth label('CS19 ITSO CA1'))

racdcert site list

racdcert ID(TCPIP) ADDRING(SharedRing1)

racdcert ID(TCPIP) CONNECT(CERTAUTH -
LABEL('CS19 ITSO CA1') -
RING(SharedRing1) -
USAGE(CERTAUTH))

racdcert ID(TCPIP) CONNECT(SITE -
LABEL('CS19 ITSO SharedSite1') -
RING(SharedRing1) -
DEFAULT -
USAGE(PERSONAL))

setropts raclist(DIGTRING) refresh
setropts raclist(DIGTCERT) refresh
racdcert listring(*) id(TCPIP)

Can you provide the Top Secret equivalents?

Solution:

Here are the commands converted:

  1. racdcert certauth gencert -
    subjectsdn( o('IBM Corporation') -
    ou('ITSO Certificate Authority') -
    C('US')) -
    NOTBEFORE(DATE(2007-09-11)) -
    NOTAFTER(DATE(2008-09-11)) -
    keyusage(certsign) -
    withlabel('CS19 ITSO CA1')

    TSS GENCERT(CERTAUTH) DIGICERT(digicertname1) LABLCERT('CS19 ITSO CA1') -
    KEYUSAGE(CERTSIGN) SUBJECTN('O="IBM Corporation" -
    OU="ITSO Certificate Authority" C="US"') NADATE(9/11/2008) NBDATE(9/11/2007)

  2. setropts raclist(facility) refresh
    No equivalent and not needed in Top Secret.

  3. racdcert certauth list
    TSS LIST(CERTAUTH) DATA(ALL)

  4. racdcert site gencert subjectsdn(cn('ITSO.IBM.COM') -
    o('IBM Corporation') -
    ou('ITSO CS19 Shared SITE') -
    C('US')) -
    withlabel('CS19 ITSO SharedSite1') -
    signwith(certauth label('CS19 ITSO CA1'))

    TSS GENCERT(CERTSITE) DIGICERT(digicertname2) -
    LABLCERT('CS19 ITSO SharedSite1') -
    SUBJECTN('CN="ITSO.IBM.COM" O="IBM Corporation" -
    OU="ITSO CS19 Shared SITE" C="US"') SIGNWITH(CERTAUTH,digicertname1)

  5. racdcert site list
    TSS LIST(CERTSITE) DATA(ALL)

  6. racdcert ID(TCPIP) ADDRING(SharedRing1)
    TSS ADD(TCPIP) KEYRING(keyringname1) LABLRING(SharedRing1)

  7. racdcert ID(TCPIP) CONNECT(CERTAUTH -
    LABEL('CS19 ITSO CA1') -
    RING(SharedRing1) -
    USAGE(CERTAUTH))

    TSS ADD(TCPIP) KEYRING(keyringname1) RINGDATA(CERTAUTH,digicertname1) -
    USAGE(CERTAUTH)

  8. racdcert ID(TCPIP) CONNECT(SITE -
    LABEL('CS19 ITSO SharedSite1') -
    RING(SharedRing1) -
    DEFAULT -
    USAGE(PERSONAL))

    TSS ADD(TCPIP) KEYRING(keyringname1) RINGDATA(CERTSITE,digicertname2) -
    USAGE(PERSONAL) DEFAULT

  9. setropts raclist(DIGTRING) refresh
    No equivalent and not needed in Top Secret.

  10. setropts raclist(DIGTCERT) refresh
    No equivalent and not needed in Top Secret.

  11. racdcert listring(*) id(TCPIP)
    TSS LIST(TCPIP) SEGMENT(RINGDATA)
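
The GENCERT mapping from items 1 and 4 can be applied mechanically. The Python sketch below is an added example, not part of the original article and not CA or IBM code. It uses only the TSS keywords shown above; the function names are hypothetical, and it assumes operand values contain no parentheses and that the administrator supplies the DIGICERT names.

```python
import re
from datetime import date

# RACDCERT owner keyword -> TSS owner keyword, as mapped on this page.
OWNER = {"CERTAUTH": "CERTAUTH", "SITE": "CERTSITE"}

def _arg(cmd, keyword):
    """Return the text inside KEYWORD(...), honouring nested parentheses."""
    m = re.search(r"\b%s\(" % keyword, cmd, re.I)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(cmd)):
        depth += {"(": 1, ")": -1}.get(cmd[i], 0)
        if depth == 0:
            return cmd[m.end():i].strip()
    raise ValueError("unbalanced parentheses in %s(...)" % keyword)

def racf_gencert_to_tss(text, digicert, digicert_by_label=None):
    """Translate one RACDCERT GENCERT command into TSS GENCERT."""
    cmd = re.sub(r"\s*-\s*\n\s*", " ", text.strip())  # join '-' continuations
    pairs = re.findall(r"(\w+)\('([^']*)'\)", _arg(cmd, "subjectsdn"))
    out = ["TSS GENCERT(%s) DIGICERT(%s)" % (OWNER[cmd.split()[1].upper()], digicert),
           "LABLCERT(%s)" % _arg(cmd, "withlabel"),
           "SUBJECTN('%s')" % " ".join('%s="%s"' % (k.upper(), v) for k, v in pairs)]
    if _arg(cmd, "keyusage"):
        out.append("KEYUSAGE(%s)" % _arg(cmd, "keyusage").upper())
    for racf_kw, tss_kw in (("NOTBEFORE", "NBDATE"), ("NOTAFTER", "NADATE")):
        if _arg(cmd, racf_kw):
            # date() rejects impossible dates; output uses the page's m/d/yyyy form
            d = date(*map(int, _arg(_arg(cmd, racf_kw), "DATE").split("-")))
            out.append("%s(%d/%d/%d)" % (tss_kw, d.month, d.day, d.year))
    signer = _arg(cmd, "signwith")
    if signer:
        # TSS names the signer by DIGICERT name, so the RACF label must be mapped
        label = _arg(signer, "label").strip("'")
        out.append("SIGNWITH(%s,%s)" % (OWNER[signer.split()[0].upper()],
                                        (digicert_by_label or {})[label]))
    return " -\n".join(out)

# Constructed sample input: the page's site-certificate command, parentheses balanced.
SITE_CMD = """RACDCERT SITE GENCERT SUBJECTSDN(CN('ITSO.IBM.COM') -
  O('IBM Corporation') -
  OU('ITSO CS19 Shared SITE') -
  C('US')) -
  WITHLABEL('CS19 ITSO SharedSite1') -
  SIGNWITH(CERTAUTH LABEL('CS19 ITSO CA1'))"""

if __name__ == "__main__":
    print(racf_gencert_to_tss(SITE_CMD, "digicertname2",
                              {"CS19 ITSO CA1": "digicertname1"}))
```

A command with a missing closing parenthesis raises ValueError instead of producing a partial TSS command.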