Key Database
This section is required if you are running Top Secret or ACF2 and must create a key database.
RACDCERT command to create your certificate ring file.
For more information on using the
gskkyman utility, you can review this IBM document:
SC24-5877 OS/390 Cryptographic Services System Secure Sockets Layer Programming Guide and Reference.
To make it easier to execute the
gskkyman utility, you can copy the
KEYMAN exec in the Platform Server
EXEC library to the HFS system.
The following command can be used to copy the member to your HFS home directory:
OPUTX 'FUSION.EXEC(KEYMAN)' /u/userid LC MODE(733)
The
/u/userid field must be changed to the directory where you want to add the exec. The
MODE(733) assigns read/write/execute privileges to your user ID, and read/execute privileges to all other users. You can set this field as you want.
See the following copy of the exec that can be used to execute the
KEYMAN utility:
# Run SSL Key Manager Program export LIBPATH=$LIBPATH:.:/usr/lpp/gskssl/lib export PATH=$PATH:.:/usr/lpp/gskssl/bin export STEPLIB=$STEPLIB:CDS.SGSKLOAD gskkyman $1 $2 $3 exit
The library specified is
CDS.SGSKLOAD. This version is valid for OS/390 version 2.7. The dataset name for other versions might be different. If this dataset is not found, try using
GSK.SGSKLOAD.