CA Web Viewer 12.1 Export Certificate from RACF Keyring

book

Article ID: 129578

calendar_today

Updated On:

Products

CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Compress Data Compression for MVS CA Compress Data Compression for Fujitsu CA Output Management Document Viewer CA Output Management Web Viewer

Issue/Introduction

How to export a certificate from a RACF keyring associated with CCISSL and import it into  a matching ,jks certificate file for CA Output Management Web Viewer for USS. 

An System SSL Trace showed this error. SSLHandshakeException General SSLEngine problem 
 

Environment

IBM RACF
Common Services CCISSL 14.1
Common Services Tomcat
System SSL
CA Output Management Web Viewer for USS

 

Resolution

  1. Issue this RACF command:
    RACDCERT EXPORT(LABEL('labelname')) CERTAUTH DSN(data-set-name) FORMAT(CERTDER)
  2.  Using binary mode copy 'data-set-name' to ....../CA_OM_Web_Viewer/NMVS/config/trust.cer
  3.  In TSO OMVS, enter these commands:
    1. cd ....../CA_OM_Web_Viewer/NMVS/config/
    2. export PATH=$PATH:/usr/lpp/java/J8.0_64/bin    (for example)
    3. keytool -importcert -keystore truststore.jks -storepass your_password -trustcacerts -noprompt -file trust.cer -v
  4. A new file truststore.jks file will be created and contain the CA certificate as a trusted cert entry.
  5. In CCIClient.properties, specify these lines, add if needed:
    1.  SSL.TrustStore=truststore.jks
    2. SSL.TrustStorePassword=your_password (your_password is the -storepass entry specified in the keytool command)
  6. Restart Tomcat