Does this help?
// EXPORT SYMLIST=*
// SET CALABEL='Ituriel Cert Auth'
// SET SITELAB='Ituriel Site Cert'
// SET DATE1='2027-01-01' soon
// SET DATE2='2050-12-31' much later
//RACFCERT EXEC PGM=IKJEFT01
//SYSIN DD DUMMY
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *,SYMBOLS=EXECSYS
RACDCERT GENCERT CERTAUTH +
WITHLABEL('&CALABEL') +
NOTAFTER( DATE(&DATE1) TIME(&LHR:&LMIN:&LSEC) )
RACDCERT GENCERT SITE +
SUBJECTSDN(CN('www.ituriel.com')) +
WITHLABEL('&SITELAB') +
SIGNWITH( CERTAUTH LABEL('&CALABEL'))
SETROPTS REFRESH RACLIST(DIGTCERT DIGTRING)
RACDCERT CERTAUTH LIST(LABEL('&CALABEL'))
RACDCERT SITE LIST(LABEL('&SITELAB'))
RACDCERT SITE REKEY(LABEL('&SITELAB')) +
NOTAFTER( DATE(&DATE2) TIME(&LHR:&LMIN:&LSEC) ) +
WITHLABEL('&SITELAB-2')
RACDCERT SITE ROLLOVER(LABEL('&SITELAB')) +
NEWLABEL('&SITELAB-2')
RACDCERT SITE ALTER(LABEL('&SITELAB')) +
NEWLABEL('&SITELAB-1')
RACDCERT SITE ALTER(LABEL('&SITELAB-2')) +
NEWLABEL('&SITELAB')
RACDCERT SITE LIST(LABEL('&SITELAB'))
//
On Wed, 14 May 2025 at 05:31, Ituriel do Neto <
[email protected]> wrote:
> Hello,
>
> I did some tests with digital certificates using RACF and could
> successfully access data on an HTTP server on z/OS from my desktop over an
> SSL connection.
>
> To achieve this, I executed:
> RACDCERT CERTAUTH GENCERT
> RACDCERT CERTAUTH EXPORT
> RACDCERT GENCERT SITE
> RACDCERT ID(xxxx) ADDRING
>
> I am not a RACF expert, and could not figure out how to extend the
> validity of the certificate.
>
> Any help will be highly appreciated.
> Thanks in advance.
>
> Best Regards
>
> Ituriel do Nascimento Neto
> z/OS System Programmer
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
