I retrieved a certificate to implement continuous delivery for OPS/MVS, however, the certificate comes without a private key. The SMP/E job setup according to the CD documentation fails with:
smpeCC:09 smpeRoutine:GIMJVCNI smpeMsgLen:0000000112 smpeMsg:java.io.IOException
: The private key of xxxxx CASRVCE is not available or no authority to access the private key
'xxxxx CASRVCE' is the RACF ID (blanked out) and name for the retrieved certificate. The key ring also contains the Digicert certificate referenced in the documentation.
In case you need it our current Java is IBM 1.8, 64 bit. My JCL is:
//jobcard...
//SMPER1 EXEC PGM=GIMSMP,REGION=512M,
// PARM='PROCESS=WAIT'
//SMPCSI DD DISP=SHR,DSN=SYS5.CA.OPSMVS.V13R5B.CSI
//SMPNTS DD PATHDISP=KEEP,
// PATH='/local/service/opsmvs'
//SMPOUT DD SYSOUT=*
//SMPRPT DD SYSOUT=*
//SMPLIST DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SMPCNTL DD *
SET BOUNDARY (GLOBAL) .
RECEIVE
ORDER(
ORDERSERVER(SERVINFO)
CONTENT(RECOMMENDED)
CLIENT(CLIENTDD)
)
.
/*
//SERVINFO DD *
<ORDERSERVER
url="https://eapi.broadcom.com/receiveorder"
keyring="xxxxx/BROADCOM"
certificate="xxxxx CASRVCE"
>
</ORDERSERVER>
/*
//CLIENTDD DD *
<CLIENT retry="3"
javahome="/usr/lpp/java/current"
javadebugoptions="-Dcom.ibm.smp.debug=severe -showversion"
downloadmethod="https">
<HTTPPROXY host="yyyyyyyyyyyyyyyyyy"
user="xxxxx" pw="zzzzzzzz" port="pppp">
</HTTPPROXY>
</CLIENT>
/*
Should I just add a private key to the certificate? I also use certificates for HTTPS retrieval of IBM maintenance and IBM's SMP/E certificates come with a private key.
Release : 13.5
Component : OPS/MVS
This error indicates that the certificate is not defined as CERTAUTH. Both a CA certificate and a user certificate need to be connected to the key ring. For more information refer to the steps for the security product in use in the Mainframe Common Maintenance Procedures manual.
The manual may be found by scrolling to the Installation and Maintenance Tools section at the bottom of the Mainframe Support landing page. Select the link to "View Installation and Maintenance Tools", and then select the link for "CA SMP/E Internet Service Retrieval."