I am trying to Configure the CA Web Administrator Server to Use SSL when communicating with the browser with Certificates that were GENCERT Using the z/OS Security Manager, How do I configure the server.xml file to point to the certificates?
Article ID: 14944
Updated On:
Products
Issue/Introduction
I am trying to Configure the CA Web Administrator Server to Use SSL when communicating with the browser with Certificates that were GENCERT Using the z/OS Security Manager, How do I configure the server.xml file to point to the certificates?
Environment
Component: ACF2MS
Resolution
After generating the certificate with a z/OS Security Manager or when using an existing certificate in a z/OS Security Manager database, export the server certificate and its associated private key to an MVS data set. for example:
ACF
EXPORT SITECERT.WEBADM1 DSNAME('WEBADM1.export.cert') FORMAT(PKCS12DER) PASSWORD(password)
Copy the MVS data set to a z/OS UNIX file using the TSO/E OPUT command. We recommend that you specify an absolute pathname here, for example: /u/WebAdmin/cert/.
TSO
oput 'WEBADM1.export.cert' '/u/WebAdmin/cert/webcert' binary
To configure the CA Web Administrator server to use SSL when communicating with the browser, you must edit the server.xml file. This file is located in the conf directory within the CA Web Administrator installation directory. For example:
Replace:
<Connector port="nnnn" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
With:
<Connector port="nnnn" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/u/WebAdmin/cert/webcert"
keystorePass="password"
keystoreType="pkcs12" />
Feedback
