To complete this task you use ikeyman to create a client certificate and export the client certificate. You then use ikeyman to import the certificate into the server keyring.
ikeyman is installed in:
SSL client authentication is an option that provides extra security by determining which client applications are allowed to connect to the Gateway daemon. This builds on the security provided by SSL server authentication.
If the SSL handler used by the CICS Transaction Gateway is configured to support server but not client authentication, you do not need to create a client certificate as described here because the client keyring requires just the signer certificate of the server, which you have already imported.
For client authentication to occur, the client keyring must contain a self-signed certificate that is used for identifying the connecting client to the server.
The Common name defaults to the name of the machine you are using, and the Validity period defaults to 365 days.
ikeyman now generates a public/private key pair, and an entry for the exampleclientcert certificate you have just created appears in the Personal Certificates window.
The exported certificate is a signer certificate generated from the personal certificate in the keyring, it does not contain the private key. Import it into the keyring of all servers that need to communicate with the SSL client. This certificate allows the server to verify the identity of the client.
The new signer certificate is added to the list in the Signer Certificates view, and can now be used by the server to verify the identity of the client application.