How to authenticate to the z/OSMF API with a certificate

  • Post category:z/OSMF
  • Reading time:1 min read

This is a brief description of how to use the z/OSMF API with certificate authentication, from a PHP application. Create a certificate.For example with openSSL: openssl req -newkey rsa:2048 -nodes -keyout yourdomain.key  -out yourdomain.csr Send the certificate to a certificate authority to get it signed. Add the signed certificate to RACF: RACDCERT CHECKCERT(CERT)RACDCERT ADD(CERT) TRUST WITHLABEL('yourlabel-client-ssl') ID(your RACF userID) SETROPTS REFRESH RACLIST(DIGTCERT, DIGTRING) When authentication, the userID in the ID field will be mapped to, and the z/OSMF tasks will run under this userID. Save the signed certificate on the PHP server in a directory accessible for the PHP server.The following PHP code will then issue a request with client certificate authentication:  curl_setopt($curl, CURLOPT_SSLCERT, '/<server>/htdocs/<somesubdir>yourdomain.csr'); curl_setopt($curl, CURLOPT_SSLCERTTYPE, 'PEM'); curl_setopt($curl, CURLOPT_VERBOSE, 1); curl_setopt($curl, CURLOPT_HTTPHEADER, array( // this is the basic auth commented out: 'authorization: Basic ' . base64_encode($this->userid . ":" . $this->password), etc for the reast of the header