GENREQ Subcommand

The GENREQ command generates a certificate request to be sent to a Certification Authority.
The GENREQ subcommand generates a certificate request to be sent to a Certification Authority (CA). A CA is a trusted third party that issues digital certificates through secure connections. The GENREQ subcommand:
  • Extracts the subject's distinguished name and public key from an existing certificate.
  • Packages the certificate in PKCS #10 format. PKCS #10 is a standard format that is used to request X.509 certificates from CAs.
  • Signs the certificate with the certificate's private key.
  • Base-64 encodes the result.
  • Writes the certificate to a data set.
The certificate request is sent to a CA, which creates and signs a new certificate with the same distinguished name and public key. For more information, see Process Digital Certificates with
The GENREQ command can be issued in any mode of the ACF command.
GENReq {
Examples: Generate a certificate
Use the GENREQ subcommand to generate a certificate based on a logonid and suffix:
In this example, certificate request FRANK01.CERT was generated and is written to a data set named FRANK01.TESTREQ.REQ.
The following example is a generated certificate request:
Server: CA-SAF REL 1.3 Subject's distinguished name: CN=Frank OU=Sales Department O=Blue Lock Company C=US -----BEGIN NEW CERTIFICATE REQUEST----- MIIBkwI4AsBf9R0wGwYJKoZIhvcNAQkBFg5kbWFnZWVAbWliLmNvbTEVMBMGA1UE AxMMRGVubmlzIE1hZ2VlMQwwCgYDVQQFEwMwMDExDDAKBgNVBAogA01JQjELMAkG A1UEBjCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEA6SSBPS7HrK1WAOaU3QeN g+F85qvzyPh+VZLhihFR6IdX149OtAIhQFG+479EnpW2prJyjFr2Xd19jV4QxCHZ q8RYeVzU0+lrJPPRHLQGYUdx/lYvGv/LzwZOiWn+OwRdTqkxKTPr/IH0weIXW0Xg j2rhi1YQK8xpm7IpdwEw+eECAQOgADqxBgkqhkiG9w0BAQQDgYEALsTCqYSqfLXH 9aZ8lx1tj0pBcsSIgqKf9BF2KxM2i9PfTxuqnuLt3dQcM/MBJp0oKvFlNaUfevkt 4eoljTkZZ+WBq4s9Lwx7c/K6O9CMGG59j2VvhxRBIbhhzQN1SoOX/tf50y6kQmMP cnUi93gpQIaopR/zQvjJhUN7TZAwUJE -----END NEW CERTIFICATE REQUEST-----
  • logonid
    Specifies the record key of the certificate to use to obtain the distinguished name and public key for the request (if Label is not also specified). This value is a one- to eight-character logonid, or a logonid, a dot, and a one- to eight-character suffix. If label is also specified,
    rather than
    . The label must indicate the logonid that the label is associated.
    Specifies the name of the data set into which the certificate request is written. The data set must not already exist. A data set name that is enclosed in single quotation marks is considered fully qualified and is used as specified. Otherwise, the user's prefix, as specified by the TSO PROFILE PREFIX command (or defaulted from the DFT-PFX field of the logonid record) is added to the front of the data set name.
  • Label(
    Specifies the label of the certificate that is used to obtain the distinguished name and public key for the request. Logonid must also be specified to indicate the logonid with which the label is associated.
    For every apostrophe specified in the Label value, specify two consecutive apostrophes. For example, specify the Label value Frank's Certificate as Frank”s Certificate. A value that contains a single apostrophe is invalid.