Setup for SSL for a self-signed certificate with ACF2

Article ID: 131150

Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC

Issue/Introduction



How do you set up ACF2 so that a self-signed certificate can be used to connect to a server?

Environment

Release:
Component: ACF2MS

Resolution

A self-signed certificate is one that has not been signed by a certificate authority.

A certificate signed by a certificate authority (CA) would be included in a server keyring
with the signing certificate(s).

For example:

KEYRING / SERVER1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT(SERVER1.CERT) RINGNAME(Server1Ring)
The following certificates are connected to this key ring:
CERTDATA record      Label                            Usage
-----------------    -------------------------------- --------
CERTAUTH.CERT        Certauth certificate Root        CERTAUTH
CERTAUTH.CERT2       Certauth certificate Inter       CERTAUTH
SERVER1.CERT         SERVER1.CERT                     PERSONAL

A self-signed certificate would be connected to the server keyring without a certauth certificate.
For example:

KEYRING / SERVER1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT(SERVER1.CERT) RINGNAME(Server1Ring)
The following certificates are connected to this key ring:
CERTDATA record      Label                            Usage
-----------------    -------------------------------- --------
SERVER1.CERT         SERVER1.CERT                     PERSONAL

A client keyring for a CA-signed certificate would only contain the CA certificates.
For example:

KEYRING / CLIENT1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT() RINGNAME(Client1Ring)
The following certificates are connected to this key ring:
CERTDATA record      Label                            Usage
-----------------    -------------------------------- --------
CERTAUTH.CERT        Certauth certificate Root        CERTAUTH
CERTAUTH.CERT2       Certauth certificate Inter       CERTAUTH

A self-signed certificate would be attached to the client keyring as a certauth certificate.
For example:

KEYRING / CLIENT1.RING LAST CHANGED BY USER001 ON 04/11/19-12:26
DEFAULT() RINGNAME(Client1Ring)
The following certificates are connected to this key ring:
CERTDATA record      Label                            Usage
-----------------    -------------------------------- --------
CERTAUTH.SERVER1     SERVER1.CERT                     CERTAUTH

(The above certificate is the same certificate as SERVER1.CERT, but it is referenced as a
certauth certificate and not as a personal certificate in the client keyring.)
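
The check below is an added example, not part of the original article or of any CA/Broadcom tooling: it parses keyring listings in the format shown above and reports which certificates the client keyring still needs as CERTAUTH entries, for both the CA-signed and the self-signed case. The function names are hypothetical, the sample listings are constructed (trimmed copies of the ones above), and matching certificates by label is an assumption taken from the article's example.

```python
import re

# Constructed sample input: trimmed copies of the keyring listings in this article.
HEAD = ("KEYRING / {ring} LAST CHANGED BY USER001 ON 04/11/19-12:26\n"
        "The following certificates are connected to this key ring:\n"
        "CERTDATA record    Label                        Usage\n"
        "-----------------  ---------------------------- --------\n")
CA_ROWS = ("CERTAUTH.CERT      Certauth certificate Root    CERTAUTH\n"
           "CERTAUTH.CERT2     Certauth certificate Inter   CERTAUTH\n")
SELF_SIGNED_SERVER = HEAD.format(ring="SERVER1.RING") + \
    "SERVER1.CERT       SERVER1.CERT                 PERSONAL\n"
CA_SIGNED_SERVER = HEAD.format(ring="SERVER1.RING") + CA_ROWS + \
    "SERVER1.CERT       SERVER1.CERT                 PERSONAL\n"
CLIENT_CA_ONLY = HEAD.format(ring="CLIENT1.RING") + CA_ROWS
CLIENT_SELF_SIGNED = HEAD.format(ring="CLIENT1.RING") + \
    "CERTAUTH.SERVER1   SERVER1.CERT                 CERTAUTH\n"


def parse_keyring(listing):
    """Return (ring, [(record, label, usage), ...]) parsed from one listing."""
    ring, rows, in_table = None, [], False
    for line in listing.splitlines():
        fields = line.split()
        match = re.match(r"\s*KEYRING\s*/\s*(\S+)", line)
        if match:
            ring = match.group(1)
        elif line.lstrip().startswith("---"):
            in_table = True  # certificate rows follow the dashed separator
        elif in_table and len(fields) >= 3 and fields[-1] in ("PERSONAL", "CERTAUTH"):
            # Labels may contain spaces, so take everything between record and usage.
            rows.append((fields[0], " ".join(fields[1:-1]), fields[-1]))
    return ring, rows


def missing_trust(server_listing, client_listing):
    """List labels the client ring must hold as CERTAUTH but does not."""
    _, server = parse_keyring(server_listing)
    _, client = parse_keyring(client_listing)
    trusted = {label for _, label, usage in client if usage == "CERTAUTH"}
    server_cas = [label for _, label, usage in server if usage == "CERTAUTH"]
    # Assumption: labels identify certificates, as in the article's listings.
    # No CERTAUTH on the server ring means its PERSONAL certificate is self-signed,
    # so that certificate itself is what the client must hold as CERTAUTH.
    required = server_cas or [label for _, label, usage in server if usage == "PERSONAL"]
    return [label for label in required if label not in trusted]
```

An empty result means the client keyring holds every trust anchor the server keyring implies; a non-empty result names the labels still to be connected to the client keyring with CERTAUTH usage.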