/****************************************/ /* */ /* RENEW External CA Certs */ /* */ /****************************************/ /****************************************/ /* Links */ /****************************************/ IBM Health Checker RACF checks (IBMRACF): https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.e0zl100/racfcertificate.htm Renewing a certificate steps: https://www.ibm.com/docs/en/zos/2.4.0?topic=SSLTBW_2.4.0/com.ibm.zos.v2r4.icha700/sec_racf/icha700/rskca.htm /****************************************/ /* RACF */ /****************************************/ /* SAMPLE COMMANDS */ RACDCERT LIST(LABEL('USER1 Cert')) RACDCERT ID(USER1) GENREQ(LABEL('USER1 Cert')) + DSN('SYSADM.CERT.REQ') - Send to Certification Authority - RACDCERT ID(USER1) ADD('SYSADM.CERT.SIGNED') RACDCERT LIST(LABEL('USER1 Cert')) /* SAMPLE OUTPUT */ BEFORE: READY RACDCERT LIST(LABEL('USER1 CERT')) Digital certificate information for user USER1: Label: USER1 CERT Certificate ID: 2QfR5MjSwfDx0eTI0sHw8UDDxdnj Status: TRUST Start Date: 2021/03/18 00:00:00 End Date: 2022/03/18 23:59:59 Serial Number: >01< Issuer's Name: >CN=TESTINTERCERT.OU=MYCO.C=US< Subject's Name: >CN=USER1TEST.OU=MYCO.C=US< Signing Algorithm: sha256RSA Key Type: RSA Key Size: 2048 Private Key: YES Ring Associations: *** No rings associated *** AFTER: READY RACDCERT LIST(LABEL('USER1 CERT')) Digital certificate information for user USER1: Label: USER1 CERT Certificate ID: 2QfR5MjSwfDx0eTI0sHw8UDDxdnj Status: TRUST Start Date: 2021/03/18 00:00:00 End Date: 2030/12/30 23:59:59 Serial Number: >02< Issuer's Name: >CN=TESTINTERCERT.OU=MYCO.C=US< Subject's Name: >CN=USER1TEST.OU=MYCO.C=US< Signing Algorithm: sha256RSA Key Type: RSA Key Size: 2048 Private Key: YES Ring Associations: *** No rings associated ***