Duration
3 hours
Overview
In the “RACF – Managing Digital Certificates” course you will see how encryption keys are used to securely manage data, and the standards that enforce encryption protocols. You will be introduced to various types of certificates and see how data is stored in them. From a z/OS perspective you will see how IBM’s Digital Certificate Access Server (DCAS) provides password-free access to that environment using a certificate. Commands used to generate and manipulate digital certificates and keyrings are discussed in detail.
Audience
Application programmers, systems programmers, database administrators, security administrators, and others requiring knowledge about the use of certificates in a z/OS environment.
Prerequisites
Successful completion of the “RACF – Introduction to RACF” course or equivalent knowledge.
Objectives
After completing this course, the student will be able to:
- Describe how Public Key Cryptography works
- Explain what Digital Certificates are and how they work with Public Key Cryptography
- Describe how Digital Certificates are used in a z/OS environment
- Describe certificate tasks that can be performed using the RACDCERT command
- Create a Digital Certificate using the RACDCERT command
- List the content of a Digital Certificate and Keyring
Course Content
Introduction to Digital Certificates
Symmetric and asymmetric encryption
Public Key Cryptography Standards
X.509 Digital Certificate Content
Single Binary Certificate
Certificate Chain
Binary Certificate Package
Encryption Algorithms
Server and Client Authentication in a z/OS Environment
Creating and Managing Digital Certificates
RACF Digital Certificate Generation Process
Using the RACDCERT Command
User, Site, and Certificate Authority Certificates
Certificate Distinguished Name
Storing Keys
Special RACF User IDs Used to Anchor Certificates
Defining Access to use RACDCERT
Creating Granular Rules
ICSF Authorization
Digital Certificate RACF Classes
Displaying Certificate and Keyring Content
Checking to see if Certificate Exists in the RACF Database
Renewing an Expiring Digital Certificate