Using RACF & Digital Certificates


Systems security requirements have become much more stringent and complex over recent years, following the advent of TCP/IP and applications that interface with TCP/IP.
This essential new course explains how to set up and administer RACF Digital Certificates to ensure the privacy, integrity and accountability of your data as it is passed across a TCP/IP network.
The course gives attendees a sound understanding of how RACF, Cryptography, SSL, Ciphers and Digital Certificates work together, and are used in the z/OS environment.
This course includes extensive hands-on exercises, with each student being given their own z/OS system on which to work. These exercises run after each major topic during the course, clarifying and reinforcing what has been taught.

The course as described below is available for open-enrolment presentations, live over the Internet, using RSM's Virtual Classroom Environment and can also be run for exclusive, one-company presentations.

Virtual Classroom Environment dates

UK Start Times

  • 13 August 2026
  • 12 October 2026


What do I need?

  • webcam
  • headphones with microphone
  • sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

  • understand how RACF works
  • understand the Group Structure, User Profiles and General Resources profiles in RACF
  • create Groups and Users
  • create General Resources and give access to them
  • describe how Cryptography, Ciphers and SSL/TLS work in a z/OS environment
  • explain how to implement the TLS and SSL protocol technology to protect data exchanges between client and server applications
  • implement the SSH daemon and SFTP using public/private keys
  • describe how Digital Certificates can be implemented and used within z/OS, and how various clients and servers use certificates
  • implement native TN3270/TLS security and native FTPS/TLS security, and convert SSHD to use Digital Certificates
  • create personal, CERTAUTH and SITE certificates, and RENEW them
  • protect their use with the RDATALIB class.

Who Should Attend

This course is designed for all those who are involved in creating or renewing certificates, together with those who want to understand how RACF works with certificates and Cryptography.

Prerequisites

Attendees should have a sound knowledge of z/OS and its principal applications.

Duration

2 days

Fee (per attendee)

£1250 (ex VAT)

This includes free online 24/7 access to course notes.

Hard copy course notes are available on request from rsmshop@rsm.co.uk at £50.00 plus carriage per set.

Course Code

DCERT

Contents

Introduction to RACF

What is required of a security system?; IBM's Resource Access Control Facility (RACF); Main RACF/MVS components; How does RACF work?; RACF Profiles; RACF classes; Controlling access; RACF commands.

RACF Group Structure

RACF group structure; Group types; Dataset owning groups; Users owning groups; General Resource groups; Concept of group and profile ownership; Administration delegation; Benefits of RACF groups; Defining RACF groups; Group CONNECT authority; Group profile contents; Group related commands.

Defining Users to RACF

Information on users; RACF user information; DFP segment information; TSO segment information; OPERPARM segment information; NETVIEW segment information; CICS segment information; OMVS segment information; Defining a new User; Prepare to create the user profile; Create the User Profile; Give user access to any RACF-protected areas; User-related commands; User attributes; Classifying users and data; Security categories and levels; Security labels.

Defining General Resources

General Resource related commands; Class Descriptor Table (CDT); IBM-defined Resource Classes; Steps for defining General Resource profiles; Granting access to a General Resource; Global Access Table (GAT).

The RACF Commands

Entering RACF commands; RACF commands and the manuals; Entering RACF commands in batch; Entering commands via a CLIST; Online Help.

Cryptography, SSL, Ciphers & Digital Certificates

Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; Secure Sockets Layer (SSL); Secret key cryptography; Ciphers used in secret key cryptography; Notes on secret key ciphers; Public key cryptography; Public key ciphers; Message integrity; Message digest algorithms; Message Authentication Codes; Using the ciphers; Ciphers; SSL protocol; How SSL works; SSL Session ID; The SSL layer; System SSL; System SSL on z/OS; Why TLS; Hardware cryptography on System Z; Crypto support in z/OS; SSL and Crypto devices; Three types of encryption keys; Clear Key processing; Secure Key processing; Master Keys and Key Data Sets; Protected Key/Wrapping Key.

RACF & Digital Certificates

What is a digital certificate?; Public key & certificate; Uses for certificates in applications; Secure Sockets Layer (SSL); Digital certificates and RACF; How RACF uses digital certificates; RACF classes & commands; RACDCERT; RACF certificate generation; RACDCERT command; Creating a certificate; Gencert examples; Key rings; RACDCERT ring functions; Certification installation; RACDCERT ADD examples; Certification installation; Certificate management; Exploiters of certificates; Exporting a certificate; Certificates are packaged in formats; Steps for migrating a certificate and its ICSF private key in the PKDS; KEYXFER Utility; Miscellaneous issues; Renew a certificate; Examples of REKEY and ROLLOVER; Certificate mapping; RACF Key Rings; Global FACILITY class profiles; Sharing a private key; RDATALIB Class; RACDCERT granular administration; RACDCERT granular control; Listing, removing & deleting; Password enveloping; How does password enveloping work?; Password enveloping - exceptions.


© RSM Technology 2024