I am trying to Configure the CA Web Administrator Server to Use SSL when communicating with the browser with Certificates that were GENCERT Using the z/OS Security Manager, How do I configure the server.xml file to point to the certificates?

book

Article ID: 14944

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction



I am trying to Configure the CA Web Administrator Server to Use SSL when communicating with the browser with Certificates that were GENCERT Using the z/OS Security Manager, How do I configure the server.xml file to point to the certificates?

Environment

Release:
Component: ACF2MS

Resolution

After generating the certificate with a z/OS Security Manager or when using an existing certificate in a z/OS Security Manager database, export the server certificate and its associated private key to an MVS data set. for example:

ACF
EXPORT SITECERT.WEBADM1 DSNAME('WEBADM1.export.cert') FORMAT(PKCS12DER) PASSWORD(storepass)

Copy the MVS data set to a z/OS UNIX file using the TSO/E OPUT command. We recommend that you specify an absolute pathname here, for example: /u/WebAdmin/cert/.

TSO
oput 'WEBADM1.export.cert' '/u/WebAdmin/cert/webcert' binary

To configure the CA Web Administrator server to use SSL when communicating with the browser, you must edit the server.xml file. This file is located in the conf directory within the CA Web Administrator installation directory. For example:

Replace:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
          maxThreads="150" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS" />

With:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
          maxThreads="150" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS"
          keystoreFile="/u/WebAdmin/cert/webcert"
           keystorePass="storepass"
          keystoreType="pkcs12" />