search cancel

How to configure CSM to add new certificates as trusted without modifying the cacerts file that comes with each Java SDK?

book

Article ID: 200158

calendar_today

Updated On:

Products

Mainframe Software Manager (Chorus Software Manager) CHORUS SOFTWARE MANAGER

Issue/Introduction

The customer's "in-house" changes required new certificates for all SSL traffic both internal and external.  The certificates were imported into RACF for usage via  Keyrings for SMPE internet delivery jobs, both to IBM and CA/Broadcom.  Is there a way without having to modify the cacerts file that comes with each Java SDK to allow CSM to add these new certificates as trusted just like the batch internet delivery jobs?

 

 

Environment

Release : 6.0

Component : Chorus Software Manager (CSM)

Resolution

Using instructions found in CA-Compliance Manager documentation on how to create a copy of the original java trust store, and then adding the 3 SWGAS required CA certificates to the new trust store, to then add the following statement in the .SAMPLIB(MSMLIB) member to point to the new trust store proved successful.

IJO="$IJO -Djavax.net.ssl.trustStore=/etc/security/cacerts"

Note: After the MSMLIB modification restart the CSM Tomcat started task.