Trying to set up a keystore, what needs to be done for ACF2?

Article ID: 198829

Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC, CA LDAP Server for z/OS, CA PAM Client for Linux for zSeries, CA Web Administrator for Top Secret

Issue/Introduction

We are in the process of setting up a server. Our current setup only has a trust store, and they would like to look into the option of setting up a keystore in addition to the trust store, so we want to see what the benefits would be and if any special setup is required.

Also, we are making a connection to Azure, so we have certs installed from Microsoft, who have the habit of making changes to and invalidating their certs at a moment's notice. Is there any way to set up any kind of alerts if a cert is going to be invalidated, like we have the alerts for the expiring certs?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

ACF2 doesn't recognize any keystore or trust store. For ACF2 to recognize a certificate, it must be inserted into the ACF2 database. ACF2 does not have a way of saying that a certificate is invalid, other than failing the connection process. At that point, update the certificate as needed to restore the connection.