Identity Token Support uses a certificate and its associated keys to sign and validate generated tokens. The certificate’s private key must be of type RSA and its length must be either 2048 or 4096 bits.
You can select among the following options with respect to your certificate and its associated keys:
- Leverage certificate already stored in RACF
- Import an existing certificate into RACF
- Generate a new certificate via RACF
Regardless of choice, the certificate’s label must be TdgssUserAuth.