Transferring certificates
This section describes how to extract a certificate from a key ring to
allow it to be copied to another system, and how to import a certificate from
another system into a key ring.
Exporting a personal certificate from a key repository
On the system from which you want to extract the certificate, use the following
command:
RACDCERT ID(userid2) EXPORT(LABEL('label-name'))
DSN(output-data-set-name) FORMAT(CERTB64)
where:
- userid2 is the user ID under which the certificate
was added to the key ring.
- label-name is the label of the certificate you
want to extract.
- output-data-set-name is the data set into which
the certificate is placed.
- CERTB64 is a DER encoded X.509 certificate that is in Base64 format. You
can choose an alternative format, for example:
- CERTDER
- DER encoded X.509 certificate in binary format
- PKCS12B64
- PKCS #12 certificate in Base64 format
- PKCS12DER
- PKCS #12 certificate in binary format
Note that PKCS12DER is supported only on OS/390(R) V2.10 and z/OS V1.1 and subsequent
releases.
Importing a personal certificate into a key repository
To import the extracted certificate into a different key ring, follow the
procedure described in Adding personal certificates to a key repository.