How to authenticate to the z/OSMF API with a certificate

This is a brief description of how to use the z/OSMF API with certificate authentication, from a PHP application.

Create a key and certificate request, for example with OpenSSL:

openssl req -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Send the certificate request (yourdomain.csr) to a certificate authority to get it signed.

Add the signed certificate to RACF:

RACDCERT CHECKCERT(CERT)
RACDCERT ADD(CERT) TRUST WITHLABEL('yourlabel-client-ssl') ID(your RACF userID)
SETROPTS REFRESH RACLIST(DIGTCERT, DIGTRING)

During authentication, the certificate is mapped to the userID in the ID field, and the z/OSMF tasks will run under this userID.

Save the signed certificate on the PHP server in a directory accessible to the PHP server.
The following PHP code will then issue a request with client certificate authentication:

// File holding the signed client certificate, in PEM format
curl_setopt($curl, CURLOPT_SSLCERT, '/<server>/htdocs/<somesubdir>yourdomain.csr');
curl_setopt($curl, CURLOPT_SSLCERTTYPE, 'PEM');
// Verbose output helps when debugging the TLS handshake
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
    // this is the basic auth commented out: 'authorization: Basic ' . base64_encode($this->userid . ":" . $this->password),
    // etc. for the rest of the header
));
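
A fuller version of the request above, as an added example that is not code from the original post: it keeps the private key outside the web root, passes it separately with CURLOPT_SSLKEY, and verifies the z/OSMF server certificate. The host name, file paths, document root and the restjobs endpoint are assumptions.

```php
<?php
// Added example; host, paths, document root and endpoint are assumptions, not from the post.
const ZOSMF_URL   = 'https://zosmf.example.com/zosmf/restjobs/jobs';
const CLIENT_CERT = '/etc/zosmf-client/yourdomain.crt'; // signed certificate (PEM)
const CLIENT_KEY  = '/etc/zosmf-client/yourdomain.key'; // private key from the openssl step
const CA_BUNDLE   = '/etc/zosmf-client/zosmf-ca.pem';   // CA that signed the z/OSMF server cert
const DOC_ROOT    = '/var/www/html';                    // web server document root

// Refuse a private key that the web server could serve or that other users can access.
function assertKeyIsPrivate(string $keyPath): void
{
    $real = realpath($keyPath);
    if ($real === false) {
        throw new RuntimeException("Key file not found: $keyPath");
    }
    if (strpos($real, DOC_ROOT . '/') === 0) {
        throw new RuntimeException('Private key is inside the document root');
    }
    if ((fileperms($real) & 0077) !== 0) {
        throw new RuntimeException('Private key is accessible by group or others');
    }
}

function zosmfGet(string $url): string
{
    assertKeyIsPrivate(CLIENT_KEY);
    $curl = curl_init($url);
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSLCERT        => CLIENT_CERT,
        CURLOPT_SSLCERTTYPE    => 'PEM',
        CURLOPT_SSLKEY         => CLIENT_KEY,
        CURLOPT_CAINFO         => CA_BUNDLE,
        CURLOPT_SSL_VERIFYPEER => true, // verify the z/OSMF server certificate
        CURLOPT_SSL_VERIFYHOST => 2,    // and that it matches the host name
        CURLOPT_HTTPHEADER     => ['X-CSRF-ZOSMF-HEADER: true'], // no Authorization header
    ]);
    $body   = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_RESPONSE_CODE);
    $error  = curl_error($curl);
    curl_close($curl);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("z/OSMF request failed (HTTP $status): $error");
    }
    return $body;
}

echo zosmfGet(ZOSMF_URL), PHP_EOL;
```

If the PEM file passed to CURLOPT_SSLCERT already contains the private key, CURLOPT_SSLKEY can be dropped, but the same location and permission checks then apply to that file.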