Do you need to copy just the certificate, or the certificate and its private key?
The former would be the case for CA root and intermediate certificates; the latter would be the case for server certificates that your system originally generated. For the "and key" case, I think it may be impossible if the key is in ICSF. I don't know. For the "and key" case you can export just the certificate and not the key without error, but the resulting certificate will not be usable on the target system (without the key). For CA certificates, you may not have to "port" them. Just download them -- usually freely available -- from the CA site and install them "normally." For either case, RACDCERT EXPORT: https://www.ibm.com/docs/en/zos/3.1.0?topic=certificates-racdcert-export-export-certificate-package For either case, you need to pre-allocate a dataset RECFM=VB, LRECL=at least 80,SPACE= at least one track. For certificate only, I recommend FORMAT(CERTB64). That give you a "printable" file that you can readily inspect with an editor. The first line should say -----BEGIN CERTIFICATE-----. For certificate and private key, you must use PKCS12xxxx and a PASSWORD. Again, I recommend PKCS12B64. Then use RACDCERT ADD on the other system. HTH Charles On Thu, 12 Jun 2025 13:21:31 +0000, Ituriel do Neto <[email protected]> wrote: >Hi all, > >I am not a RACF expert, and even less so regarding digital certificates. >Can you enlighten me on how to port a digital certificate from one RACF to >another one? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
