When the certificate revocation lists are stored in the LDAP server,
you need to authorize CICS to access them through System SSL.

The certificate revocation lists are stored in the LDAP server with
an access class of critical, and can only be accessed by a user who
has provided authentication credentials at LDAP bind time. These credentials
are a user's distinguished name and an associated password. These details
can be saved in a specialized profile in the LDAPBIND RACF class. To set up
the profile, follow these steps:

The password that is used in the profile must be encrypted before
it is stored in the RACF database. To do this, you need to store a password
encryption key in the KEYSMSTR RACF class by issuing one of the following
RACF commands: