Convert RACF commands to TSS commands for Simple Logon Digital Certificate Setup

Document ID : KB000114872
Last Modified Date : 14/09/2018
Issue:
Convert RACF commands to TSS commands for Simple Logon Digital Certificate Setup.
Resolution:
//**********************************************************************************************************************
//The RACF commands necessary to run the SSLOnlyWAR sample contained within the
//SimpleLoginEAR.
//**********************************************************************************************************************
//Permit the Liberty server id MSTONE1 to the FACILITY class IRR.DIGTCERT.LISTRING
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(MSTONE1) ACCESS(READ)

TSS PER(MSTONE1) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(READ)

SETROPTS RACLIST(FACILITY) REFRESH

*Not needed in TSS

//Create a keyring called LibertyKeyring
RACDCERT ADDRING(LibertyKeyring) ID(MSTONE1)

TSS ADD(MSTONE1) KEYRING(LIBYRING) LABLRING(LibertyKeyring)

//Create the Signing CERTAUTH certificate
RACDCERT CERTAUTH GENCERT SUBJECTSDN(CN('LibertyCA') OU('LIBERTY'))

TSS GENCERT(CERTAUTH) DIGICERT(LIBTYCA) SUBJECTN('CN="LibertyCA" OU="LIBERTY"') -
LABLCERT('LibertyCA.LIBERTY') TRUST NADATE(12/31/2030) 

//Create your personal certificate signed by LibertyCA.LIBERTY
RACDCERT ID(MSTONE1) GENCERT SUBJECTSDN(CN('boss0181.pok.ibm.com') O('IBM') OU('LIBERTY')) -
WITHLABEL('DefaultCert.LIBERTY') SIGNWITH(CERTAUTH LABEL('LibertyCA.LIBERTY')) TRUST -
NOTAFTER(DATE(2030/12/31))

TSS GENCERT(CERTSITE) DIGICERT(LIBTYCLT) LABLCERT('DefaultCert.LIBERTY') -
SIGNWITH(CERTAUTH,LIBTYCA) TRUST NADATE(12/31/2030)

//Connect the signer certificate LibertyCA.LIBERTY to the keyring LibertyKeyring with usage CERTAUTH
RACDCERT ID(MSTONE1) CONNECT(CERTAUTH LABEL('LibertyCA.LIBERTY') RING(LibertyKeyring) -
USAGE(CERTAUTH))

TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTAUTH,LIBTYCA) USAGE(CERTAUTH)

//Connect the personal certificate DefaultCert.LIBERTY to the keyring LibertyKeyring with usage
//PERSONAL
RACDCERT ID(MSTONE1) CONNECT(ID(MSTONE1) LABEL('DefaultCert.LIBERTY') RING(LibertyKeyring) -
USAGE(PERSONAL))


TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTSITE,LIBTYCLT) USAGE(PERSONAL)
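
The TSS commands above refer to each other by short names: SIGNWITH and RINGDATA identify a certificate as owner,DIGICERT name, and each connect names the KEYRING it adds to. The Python below is an added example, not part of the original document; it checks a TSS command list for references that no earlier command defines, and it assumes only the operands that appear on this page (it is not a TSS syntax validator).

```python
import re

# TSS commands copied from this page (sample input for the check).
TSS_SCRIPT = """\
TSS PER(MSTONE1) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(READ)
TSS ADD(MSTONE1) KEYRING(LIBYRING) LABLRING(LibertyKeyring)
TSS GENCERT(CERTAUTH) DIGICERT(LIBTYCA) SUBJECTN('CN="LibertyCA" OU="LIBERTY"') -
LABLCERT('LibertyCA.LIBERTY') TRUST NADATE(12/31/2030)
TSS GENCERT(CERTSITE) DIGICERT(LIBTYCLT) LABLCERT('DefaultCert.LIBERTY') -
SIGNWITH(CERTAUTH,LIBTYCA) TRUST NADATE(12/31/2030)
TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTAUTH,LIBTYCA) USAGE(CERTAUTH)
TSS ADD(MSTONE1) KEYRING(LIBYRING) RINGDATA(CERTSITE,LIBTYCLT) USAGE(PERSONAL)
"""

def operands(cmd):
    """Map the KEYWORD(value) operands of one command to {keyword: value}."""
    return dict(re.findall(r"(\w+)\(([^()]*)\)", cmd))

def pair(value):
    """Split an 'owner,name' operand such as RINGDATA or SIGNWITH."""
    return tuple(part.strip() for part in value.split(","))

def lint(script):
    """Return a list of dangling-reference problems; empty means consistent."""
    joined = re.sub(r"[ \t]*-[ \t]*\n", " ", script)  # join '-' continuations
    certs, rings, problems = set(), set(), []
    for cmd in filter(None, map(str.strip, joined.splitlines())):
        op = operands(cmd)
        if "GENCERT" in op:
            signer = op.get("SIGNWITH")
            if signer and pair(signer) not in certs:
                problems.append(f"SIGNWITH({signer}): signer not generated yet")
            certs.add((op["GENCERT"], op["DIGICERT"]))
        elif "LABLRING" in op:                        # keyring creation
            rings.add((op["ADD"], op["KEYRING"]))
        elif "RINGDATA" in op:                        # connect certificate to ring
            if (op["ADD"], op["KEYRING"]) not in rings:
                problems.append(f"KEYRING({op['KEYRING']}): ring not created")
            if pair(op["RINGDATA"]) not in certs:
                problems.append(f"RINGDATA({op['RINGDATA']}): no such certificate")
    return problems

if __name__ == "__main__":
    print(lint(TSS_SCRIPT) or "all references resolve")
```
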