CA Web Viewer 12.1 Export Certificate from RACF Keyring

Article Id: 129578
Status: Published
Updated On: 15-03-2019 09:38
Products:
CA CIS , CA Common Services for z/OS , CA 90s Services , CA Database Management Solutions for DB2 for z/OS , CA Common Product Services Component , CA Common Services , CA Datacom/AD , CA ecoMeter Server Component FOC , CA Easytrieve Report Generator for Common Services , CA Infocai Maintenance , CA IPC , Unicenter CA-JCLCheck Common Component , CA Mainframe VM Product Manager , CA Chorus Software Manager , CA On Demand Portal , CA Service Desk Manager - Unified Self Service , CA PAM Client for Linux for zSeries , CA Mainframe Connector for Linux on System z , CA Graphical Management Interface , CA Web Administrator for Top Secret , CA CA- Xpertware , CA Compress Data Compression for MVS , CA Compress Data Compression for Fujitsu , CA Output Management Document Viewer , CA Output Management Web Viewer
Issue/Introduction:

How to export a certificate from a RACF keyring associated with CCISSL and import it into  a matching ,jks certificate file for CA Output Management Web Viewer for USS. 

An System SSL Trace showed this error. SSLHandshakeException General SSLEngine problem 
 

Environment:

IBM RACF
Common Services CCISSL 14.1
Common Services Tomcat
System SSL
CA Output Management Web Viewer for USS

 

Resolution:

  1. Issue this RACF command:
    RACDCERT EXPORT(LABEL('labelname')) CERTAUTH DSN(data-set-name) FORMAT(CERTDER)
  2.  Using binary mode copy 'data-set-name' to ....../CA_OM_Web_Viewer/NMVS/config/trust.cer
  3.  In TSO OMVS, enter these commands:
    1. cd ....../CA_OM_Web_Viewer/NMVS/config/
    2. export PATH=$PATH:/usr/lpp/java/J8.0_64/bin    (for example)
    3. keytool -importcert -keystore truststore.jks -storepass your_password -trustcacerts -noprompt -file trust.cer -v
  4. A new file truststore.jks file will be created and contain the CA certificate as a trusted cert entry.
  5. In CCIClient.properties, specify these lines, add if needed:
    1.  SSL.TrustStore=truststore.jks
    2. SSL.TrustStorePassword=your_password (your_password is the -storepass entry specified in the keytool command)
  6. Restart Tomcat