CA Web Viewer 12.1 Export Certificate from RACF Keyring
search cancel

CA Web Viewer 12.1 Export Certificate from RACF Keyring

book

Article ID: 129578

calendar_today

Updated On:

Products

COMMON SERVICES FOR Z/OS Common Services Output Management Web Viewer

Issue/Introduction

How to export a certificate from a RACF keyring associated with CCISSL and import it into  a matching ,jks certificate file for CA Output Management Web Viewer for USS. 

An System SSL Trace showed this error. SSLHandshakeException General SSLEngine problem 
 

Environment

IBM RACF
Common Services CCISSL 14.1 and 15.0
Common Services Tomcat
System SSL
CA Output Management Web Viewer for USS

 

Resolution

  1. Issue this RACF command:
    RACDCERT EXPORT(LABEL('labelname')) CERTAUTH DSN(data-set-name) FORMAT(CERTDER)
  2.  Using binary mode copy 'data-set-name' to ....../CA_OM_Web_Viewer/NMVS/config/trust.cer
  3.  In TSO OMVS, enter these commands:
    1. cd ....../CA_OM_Web_Viewer/NMVS/config/
    2. export PATH=$PATH:/usr/lpp/java/J8.0_64/bin    (for example)
    3. keytool -importcert -keystore truststore.jks -storepass your_password -trustcacerts -noprompt -file trust.cer -v

  4. A new file truststore.jks file will be created and contain the CA certificate as a trusted cert entry.
  5. In CCIClient.properties, specify these lines, add if needed:
    1.  SSL.TrustStore=truststore.jks
    2. SSL.TrustStorePassword=your_password (your_password is the -storepass entry specified in the keytool command)

  6. Restart Tomcat
Powered by Wolken Software