search cancel

Need to convert RACF commands to TSS commands to implement SSL for IOAGATE/EM.

book

Article ID: 187531

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Need the following RACF commands converted to TSS commands to setup IOAGATE/EM with SSL

6. Import CACERT.PEM to RACF using the following command:
RACDCERT CERTAUTH ADD ('TSMP.CACERT.PEM') WITHLABEL('CACERTXX')
Choose XX so that the name is unique and does not conflict with an existing name.
7. Create IOAGATERING (if it does not already exist) with the following command:
RACDCERT ID(GATEUSER) ADDRING(IOAGATERING)
8. Connect CACERTXX to IOAGATERING with the command:
RACDCERT ID(GATEUSER) CONNECT(CERTAUTH LABEL('CACERTXX') RING(IOAGATERING))
9. Import IOAGATE's certificate with the command:
RACDCERT ID(GATEUSER) ADD('TSMP.IOAGATE.PCK12') TRUST WITHLABEL('IOAGATEXX') PASSWORD('ctm_zos_1310')
The hhmm part of the password can be found in the README file generated by Control-M/EM.
10. Connect IOAGATEXX to IOAGATERING with the command
RACDCERT ID(GATEUSER) CONNECT(ID(GATEUSER) LABEL('IOAGATEXX') RING(IOAGATERING) DEFAULT USAGE(PERSONAL))

 

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

6. Import CACERT.PEM to RACF using the following command:
RACDCERT CERTAUTH ADD ('TSMP.CACERT.PEM') WITHLABEL('CACERTXX')
Choose XX so that the name is unique and does not conflict with an existing name.

TSS ADD(CERTAUTH) DIGICERT(CACERTXX) DCDSN('TSMP.CACERT.PEM') LABLCERT('CACERTXX') 

7. Create IOAGATERING (if it does not already exist) with the following command:
RACDCERT ID(GATEUSER) ADDRING(IOAGATERING)

TSS ADD((GATEUSER) KEYRING(IOGATRNG) LABLRING(IOAGATERING)

8. Connect CACERTXX to IOAGATERING with the command:
RACDCERT ID(GATEUSER) CONNECT(CERTAUTH LABEL('CACERTXX') RING(IOAGATERING))

TSS ADD(GATEUSER) KEYRING(IOGATRNG) RINGDATA(CERTAUTH,CACERTXX) USAGE(CERTAUTH)

9. Import IOAGATE's certificate with the command:
RACDCERT ID(GATEUSER) ADD('TSMP.IOAGATE.PCK12') TRUST WITHLABEL('IOAGATEXX') PASSWORD('ctm_zos_1310')
The hhmm part of the password can be found in the README file generated by Control-M/EM.

TSS ADD(CERTSITE) DIGICERT(IOAGATXX) LABLCERT('IOAGATEXX') DCDSN('TSMP.IOAGATE.PCK12') -
PKCSPASS('ctm_zos_1310')

10. Connect IOAGATEXX to IOAGATERING with the command
RACDCERT ID(GATEUSER) CONNECT(ID(GATEUSER) LABEL('IOAGATEXX') RING(IOAGATERING) DEFAULT USAGE(PERSONAL)

TSS ADD(GATEUSER) KEYRING(IOGATRNG) RINGDATA(CERTSITE,IOAGATXX) USAGE(PERSONAL) DEFAULT

Regards,

Joseph Porto - Broadcom Level 1 Support