//*********************************************************************
//* Licensed Materials - Property of IBM ***
//* 5698-AA4 © Copyright IBM Corp. 2011, 2013. All Rights Reserved. ***
//* ***
//*Change Activity: ***
//*Flg=Reason Vers Date Name Description ***
//*----------- ---- ------- ---- ----------------------------------***
//*$P1=RTC63820,V8R1,20Dec12,ADL ***
//*********************************************************************
//* To enable TADz Analyzer to use HTTP secure (HTTPS) the following *
//* steps should be implemented by your site's RACF Administrator: *
//* 1. Delete KEYRING(TADZ_KEYRING) and certificates with the *
//* labels TADZCERT and LOCALCA. *
//* 2. Activate RACF Classes required for digital certificates. *
//* 3. Define Keyring TADZ_KEYRING. *
//* 4. Generate certificate. *
//* 5. Connect to Keyring. *
//* 6. Refresh RACF Classes required for digital certificates. *
//* 7. Permit access to the Facility Class profiles and refresh. *
//* *
//* *
//* The following JCL demonstrates a sample implementation: *
//* 1. Update all occurrences of "HSI" to reflect *
//* your TADz HTTPS environment. *
//* *
//* Do not change the RACF keyring 'TADZ_KEYRING' or label 'TADZCERT' *
//* unless you update the corresponding values in Analyzer PARMLIB *
//* member HSISANP2 and restart the Analyzer STC/Job. *
//*-------------------------------------------------------------------*
//*-------------------------------------------------------------------*
//* RACFDEF: runs the TSO terminal monitor program (IKJEFT01) in
//* batch and executes the RACF commands in SYSTSIN, in order:
//*  - delete the CERTAUTH certificate labelled LOCALCA, the
//*    TADZCERT certificate of HSI and HSI's ring TADZ_KEYRING;
//*  - activate classes DIGTCERT and DIGTNMAP;
//*  - re-create the ring, generate a signing certificate LOCALCA
//*    (KEYUSAGE(CERTSIGN)) and a certificate TADZCERT signed with
//*    it, then connect both to the ring (TADZCERT as DEFAULT,
//*    USAGE(PERSONAL); LOCALCA as USAGE(CERTAUTH));
//*  - refresh the RACLISTed DIGTCERT and DIGTNMAP profiles.
//*
//* NOTE(review): the first DELETE removes whatever CERTAUTH
//* certificate carries the label LOCALCA, not only one created by
//* an earlier run of this job. If another application already
//* relies on a CA with that label, check before submitting, e.g.
//*   RACDCERT CERTAUTH LIST(LABEL('LOCALCA'))
//* On a first run the three delete commands presumably end with
//* "not found" style messages - confirm those are the only errors.
//*
//* NOTE(review): the LOCALCA GENCERT codes both ID(HSI) and
//* CERTAUTH. These operands are alternatives; the later commands
//* refer to LOCALCA as a CERTAUTH certificate, so CERTAUTH is the
//* intended owner - confirm in SYSTSPRT that it was created so.
//*
//* NOTE(review): neither GENCERT codes SIZE or NOTAFTER, so key
//* size and expiry come from the RACF defaults of the installed
//* release - confirm both meet site policy and plan the renewal.
//*
//* NOTE(review): the server certificate subject is CN('TADZCERT'),
//* not the host name. Clients that verify the host name are likely
//* to reject it; consider the real host name in CN and/or
//* ALTNAME(DOMAIN(...)) - confirm with the client configuration.
//* LOCALCA is a locally generated CA, so clients trust the chain
//* only after LOCALCA has been distributed to them.
//*-------------------------------------------------------------------*
//RACFDEF EXEC PGM=IKJEFT01,DYNAMNBR=30
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PROF NOPREF
RACDCERT DELETE(LABEL('LOCALCA')) CERTAUTH
RACDCERT DELETE(LABEL('TADZCERT')) ID(HSI)
RACDCERT ID(HSI) DELRING(TADZ_KEYRING)
SETROPTS CLASSACT(DIGTCERT,DIGTNMAP)
RACDCERT ID(HSI) ADDRING(TADZ_KEYRING)
RACDCERT ID(HSI) CERTAUTH GENCERT -
SUBJECTSDN( O('TIVOLI ASSET DISCOVERY') -
CN('syshost.company') -
C('US')) TRUST -
WITHLABEL('LOCALCA') -
KEYUSAGE(CERTSIGN)
RACDCERT ID(HSI) GENCERT -
SUBJECTSDN (CN('TADZCERT') -
OU('SYSTEM SOFTWARE SUPPORT.') -
C('US')) -
WITHLABEL('TADZCERT') -
SIGNWITH(CERTAUTH -
LABEL('LOCALCA'))
RACDCERT ID(HSI) -
CONNECT(ID(HSI) -
LABEL('TADZCERT') -
RING(TADZ_KEYRING) -
DEFAULT -
USAGE(PERSONAL))
RACDCERT ID(HSI) -
CONNECT(ID(HSI) CERTAUTH -
LABEL('LOCALCA') -
RING(TADZ_KEYRING) -
USAGE(CERTAUTH))
SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH
/*
//*-------------------------------------------------------------------*
//* PERMIT: runs IKJEFT01 in batch; the only RACF command issued is
//* a refresh of the RACLISTed FACILITY class.
//*
//* NOTE(review): despite the step name, and although the header
//* lists "Permit access to the Facility Class profiles", no
//* RDEFINE or PERMIT is issued here. If HSI does not already have
//* READ access to IRR.DIGTCERT.LIST and IRR.DIGTCERT.LISTRING, the
//* Analyzer presumably cannot read TADZ_KEYRING - verify the
//* current access before relying on this step. Grant READ only;
//* no higher access is requested anywhere in this sample.
//*-------------------------------------------------------------------*
//PERMIT EXEC PGM=IKJEFT01,DYNAMNBR=30
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PROF NOPREF
SETR RACLIST(FACILITY) REFRESH
/*
-----------------------------------------------------------
//* *
//* To enable TADz Analyzer to use HTTP secure (HTTPS) using an *
//* existing CA certificate, 'Entrust Secure Server Root CA' in our *
//* example, the following steps should be implemented by your site's *
//* RACF Administrator: *
//* *
//* 1. Delete KEYRING(TADZ_KEYRING) and certificate with the *
//* LABEL('TADZCERT'). *
//* 2. Activate RACF Classes required for digital certificates. *
//* 3. Define Keyring TADZ_KEYRING. *
//* 4. Connect the existing CA certificate to the Keyring. *
//* 5. Refresh RACF Classes required for digital certificates. *
//* 6. Permit access to the Facility Class profiles. *
//* *
//* *
//* The following JCL demonstrates a sample implementation: *
//* 1. Update all occurrences of "Userid-running-HSISANLO" to reflect *
//* your TADz HTTPS environment. *
//* *
//* Do not change the RACF keyring 'TADZ_KEYRING' or label 'TADZCERT' *
//* unless you update the corresponding values in Analyzer PARMLIB *
//* member HSISANP2 and restart the Analyzer STC/Job. *
//*-------------------------------------------------------------------*
//*-------------------------------------------------------------------*
//* RACFDEF: runs IKJEFT01 in batch and executes the RACF commands
//* in SYSTSIN, in order:
//*  - delete the owner's TADZCERT certificate and TADZ_KEYRING;
//*  - activate classes DIGTCERT and DIGTNMAP;
//*  - re-create the ring and generate certificate TADZCERT;
//*  - connect TADZCERT (DEFAULT, USAGE(PERSONAL)) and the CERTAUTH
//*    certificate 'Entrust Secure Server Root CA' to the ring;
//*  - refresh the RACLISTed DIGTCERT and DIGTNMAP profiles.
//*
//* "Userid-running-HSISANLO" is a placeholder and must be replaced
//* by a real user ID in every command before the job is submitted.
//*
//* NOTE(review): this GENCERT has no SIGNWITH, so TADZCERT is
//* generated self-signed; connecting the Entrust root to the ring
//* does not make that root the issuer of TADZCERT. If the goal is
//* a certificate issued by the existing CA, the usual route is a
//* request (RACDCERT GENREQ) signed by the CA and then added back
//* - confirm which of the two is intended.
//*
//* NOTE(review): the second CONNECT assumes a CERTAUTH certificate
//* labelled 'Entrust Secure Server Root CA' is already defined to
//* RACF; the job does not add it.
//*
//* NOTE(review): GENCERT codes neither SIZE nor NOTAFTER, so key
//* size and expiry come from the RACF defaults of the installed
//* release, and the subject is CN('TADZCERT'), not the host name
//* - confirm all three against site policy and client checks.
//*-------------------------------------------------------------------*
//RACFDEF EXEC PGM=IKJEFT01,DYNAMNBR=30
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PROF NOPREF
RACDCERT DELETE(LABEL('TADZCERT')) ID(Userid-running-HSISANLO)
RACDCERT ID(Userid-running-HSISANLO) DELRING(TADZ_KEYRING)
SETROPTS CLASSACT(DIGTCERT,DIGTNMAP)
RACDCERT ID(Userid-running-HSISANLO) ADDRING(TADZ_KEYRING)
RACDCERT ID(Userid-running-HSISANLO) GENCERT -
SUBJECTSDN (CN('TADZCERT') -
OU('Your Dept.') -
C('US')) -
WITHLABEL('TADZCERT')
RACDCERT ID(Userid-running-HSISANLO) -
CONNECT(ID(Userid-running-HSISANLO) -
LABEL('TADZCERT') -
RING(TADZ_KEYRING) -
DEFAULT -
USAGE(PERSONAL))
RACDCERT ID(Userid-running-HSISANLO) -
CONNECT(ID(Userid-running-HSISANLO) CERTAUTH -
LABEL('Entrust Secure Server Root CA') -
RING(TADZ_KEYRING) -
USAGE(CERTAUTH))
SETROPTS RACLIST(DIGTCERT,DIGTNMAP) REFRESH
/*
//*-------------------------------------------------------------------*
//* PERMIT: runs IKJEFT01 in batch and, in order:
//*  - deletes FACILITY profiles IRR.DIGTCERT.LIST and
//*    IRR.DIGTCERT.LISTRING;
//*  - defines both again with UACC(NONE);
//*  - permits the Analyzer user ID READ access to each;
//*  - refreshes the RACLISTed FACILITY class.
//*
//* NOTE(review): RDEL removes each profile together with its
//* access list, so any other user or group permitted to these
//* profiles loses access once the refresh takes effect. List the
//* current entries first, e.g.
//*   RLIST FACILITY IRR.DIGTCERT.LIST AUTHUSER
//*   RLIST FACILITY IRR.DIGTCERT.LISTRING AUTHUSER
//* and, where the profiles already exist, consider dropping the
//* RDEL/RDEFINE pairs and keeping only the two PERMIT commands.
//*
//* NOTE(review): if access is currently granted through a generic
//* profile (for example IRR.DIGTCERT.*), these new discrete
//* UACC(NONE) profiles presumably take precedence over it for the
//* two resources - confirm that no other application depends on
//* the generic profile for them.
//*
//* READ is the only access granted here; keep it at READ.
//*-------------------------------------------------------------------*
//PERMIT EXEC PGM=IKJEFT01,DYNAMNBR=30
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PROF NOPREF
RDEL FACILITY IRR.DIGTCERT.LIST
RDEL FACILITY IRR.DIGTCERT.LISTRING
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) -
ID(Userid-running-HSISANLO) AC(READ)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) -
ID(Userid-running-HSISANLO) AC(READ)
SETR RACLIST(FACILITY) REFRESH
/*
Release : 16.0
Component : CA Top Secret for z/OS