How to authenticate to the z/OSMF API with a certificate
This is a brief description of how to use the z/OSMF API with certificate authentication, from a PHP application.
Create a certificate.For example with openSSL:
openssl req -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Send the certificate to a certificate authority to get it signed.
Add the signed certificate to RACF:
RACDCERT CHECKCERT(CERT)RACDCERT ADD(CERT) TRUST WITHLABEL('yourlabel-client-ssl') ID(your RACF userID) SETROPTS REFRESH RACLIST(DIGTCERT, DIGTRING)
When authentication, the userID in the ID field will be mapped to, and the z/OSMF tasks will run under this userID.
Save the signed certificate on the PHP server in a directory accessible for the PHP server.
The following PHP code will then issue a request with client certificate authentication:
curl_setopt($curl, CURLOPT_SSLCERT, '/<server>/htdocs/<somesubdir>yourdomain.csr'); curl_setopt($curl, CURLOPT_SSLCERTTYPE, 'PEM'); curl_setopt($curl, CURLOPT_VERBOSE, 1); curl_setopt($curl, CURLOPT_HTTPHEADER, array( // this is the basic auth commented out: 'authorization: Basic ' . base64_encode($this->userid . ":" . $this->password), etc for the reast of the header