search cancel

How to configure CSM to add new certificates as trusted without modifying the cacerts file that comes with each Java SDK?


Article ID: 200158


Updated On:


Mainframe Software Manager (Chorus Software Manager) CHORUS SOFTWARE MANAGER


The customer's "in-house" changes required new certificates for all SSL traffic both internal and external.  The certificates were imported into RACF for usage via  Keyrings for SMPE internet delivery jobs, both to IBM and CA/Broadcom.  Is there a way without having to modify the cacerts file that comes with each Java SDK to allow CSM to add these new certificates as trusted just like the batch internet delivery jobs?




Release : 6.0

Component : Chorus Software Manager (CSM)


Using instructions found in CA-Compliance Manager documentation on how to create a copy of the original java trust store, and then adding the 3 SWGAS required CA certificates to the new trust store, to then add the following statement in the .SAMPLIB(MSMLIB) member to point to the new trust store proved successful.


Note: After the MSMLIB modification restart the CSM Tomcat started task.