RACF JCL for FTP commands to Top Secret commands

Document ID : KB000113733
Last Modified Date : 13/09/2018
Show Technical Document Details
Introduction:
 The following Racf Jobs for FTP certificates need the RACF commands converted to Top Secret commands.

//RACFTPS1 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
  RACDCERT CERTAUTH GENCERT +
  SUBJECTSDN( +
  CN('FTPS CA CERT ZDSS1') +
  O('OMVSKERN') L('BLR') C('IN') ) +
  TRUST +
  SIZE(1024) +
  NOTBEFORE(DATE(2013-04-15)) +
  NOTAFTER(DATE(2023-04-15)) +
  WITHLABEL('FTPS CA CERT') +
  KEYUSAGE(CERTSIGN)
 
//RACFTPS2 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
  RACDCERT ID(OMVSKERN) GENCERT +
  SUBJECTSDN( +
  CN('FTPS SERV CERT ZDSS1') +
  O('OMVSKERN') L('BLR') C('IN') ) +
  SIZE(1024) +
  NOTBEFORE(DATE(2013-04-15)) +
  NOTAFTER(DATE(2023-04-15)) +
  WITHLABEL('FTPS SERV CERT') +
  KEYUSAGE(HANDSHAKE DATAENCRYPT DOCSIGN) +
  SIGNWITH(CERTAUTH LABEL('FTPS CA CERT'))
/*
 
//RACFTPS4 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *,DLM=@@
/******************************************************
/* ADD A KEYRING CALLED FTPSRING                      *
/******************************************************
  RACDCERT ID(OMVSKERN) ADDRING(FTPSRING)
/******************************************************
/* CONNECT THE CA CERTIFICATE TO FTPSRING KEYRING *
/******************************************************
  RACDCERT ID(OMVSKERN) +
  CONNECT(CERTAUTH LABEL('FTPS CA CERT') +
  RING(FTPSRING) )
/******************************************************
/* CONNECT THE FTP SERVER CERTIFICATE TO FTPSRING *
/* KEYRING                                            *
  RACDCERT ID(OMVSKERN) +
  CONNECT(LABEL('FTPS SERV CERT') +
  RING(FTPSRING) +
  DEFAULT)
/******************************************************
/* LIST THE CONTENTS OF FTPSRING KEYRING          *
/******************************************************
  RACDCERT ID(OMVSKERN) LISTRING(FTPSRING)
@@
 
//RACFTPS3 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
  RACDCERT CERTAUTH +
  EXPORT(LABEL('FTPS CA CERT')) +
  DSN('ZDSS1.FTPS.CACERT.B64') +
  FORMAT(CERTB64)
/*
 
Instructions:
//RACFTPS1 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
  RACDCERT CERTAUTH GENCERT +
  SUBJECTSDN( +
  CN('FTPS CA CERT ZDSS1') +
  O('OMVSKERN') L('BLR') C('IN') ) +
  TRUST +
  SIZE(1024) +
  NOTBEFORE(DATE(2013-04-15)) +
  NOTAFTER(DATE(2023-04-15)) +
  WITHLABEL('FTPS CA CERT') +
  KEYUSAGE(CERTSIGN)

TSS GENCERT(CERTAUTH) DIGICERT(FTPSCA) SUBJECTN('CN="FTPS CA CERT" O="OMVSKERN" L="'BLR" C="IN" ') KEYSIZE(1024) NADATE(04/15/2013) KEYUSAGE(CERTSIGN) LABLCERT('FTPS CA CERT')

-----------------------------------------------------------------------------------------------------------------------------------

//RACFTPS2 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
  RACDCERT ID(OMVSKERN) GENCERT +
  SUBJECTSDN( +
  CN('FTPS SERV CERT ZDSS1') +
  O('OMVSKERN') L('BLR') C('IN') ) +
  SIZE(1024) +
  NOTBEFORE(DATE(2013-04-15)) +
  NOTAFTER(DATE(2023-04-15)) +
  WITHLABEL('FTPS SERV CERT') +
  KEYUSAGE(HANDSHAKE DATAENCRYPT DOCSIGN) +
  SIGNWITH(CERTAUTH LABEL('FTPS CA CERT'))
/*

TSS GENCERT(OMVSKERN) DIGICERT(FTPSSERV) SUBJECTN('CN="FTPS SERV CERTZDSS1" O="OMVSKERN" L="BLR" C="IN" ') KEYSIZE(1024) NADATE(04/15/2023) LABLCERT('FTPS SERV CERT') KEYUSAGE('HANDSHAKE DATAENCRYPT DOCSIGN') SIGNWITH(CERTAUTH,FTPSCA)

-------------------------------------------------------------------------------------------------------------------------------------
//RACFTPS4 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *,DLM=@@
/******************************************************
/* ADD A KEYRING CALLED FTPSRING                      *
/******************************************************
  RACDCERT ID(OMVSKERN) ADDRING(FTPSRING)
/******************************************************
/* CONNECT THE CA CERTIFICATE TO FTPSRING KEYRING *
/******************************************************
  RACDCERT ID(OMVSKERN) +
  CONNECT(CERTAUTH LABEL('FTPS CA CERT') +
  RING(FTPSRING) )
/******************************************************
/* CONNECT THE FTP SERVER CERTIFICATE TO FTPSRING *
/* KEYRING                                            *
  RACDCERT ID(OMVSKERN) +
  CONNECT(LABEL('FTPS SERV CERT') +
  RING(FTPSRING) +
  DEFAULT)
/******************************************************
/* LIST THE CONTENTS OF FTPSRING KEYRING          *
/******************************************************
  RACDCERT ID(OMVSKERN) LISTRING(FTPSRING)
@@

TSS ADD(OMVSKERN) KEYRING(FTPSRING)
TSS ADD(OMVSKERN) KEYRING(FTPSRING) RINGDATA(CERTAUTH,FTPSCA) USAGE(CERTAUTH)
TSS ADD(OMVSKERN) KEYRING(FTPSRING) RINGDATA(OMVSKERN,FTPSSERV) USAGE(PERSONAL) DEFAULT
TSS LIST(OMVSKERN) KEYRING(FTPSRING)
 
---------------------------------------------------------------------------------------------------------------------------------------

//RACFTPS3 JOB (12345),ZZBXR,
//         CLASS=A,NOTIFY=&SYSUID,MSGCLASS=X
//CERT01 EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
  RACDCERT CERTAUTH +
  EXPORT(LABEL('FTPS CA CERT')) +
  DSN('ZDSS1.FTPS.CACERT.B64') +
  FORMAT(CERTB64)

TSS EXPORT(CERTAUTH) DIGICERT(FTPSCA) LABLCERT('FTPS CA CERT') DCDSN('ZDSS1.FTPS.CACERT.B64') FORMAT(CERTB64)