ACF2 Webadmin KEYTOOL Import PKCS12 Certificate into USS JKS Keystore

Article ID: 201646

Products

ACF2, ACF2 - z/OS, ACF2 - MISC, WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

The Webadmin certificate is about to expire and must be replaced. The certificate was renewed in ACF2 and EXPORTed. How can the renewed certificate be imported into the USS JKS keystore using KEYTOOL?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Use the following keytool command parameters to import the ACF EXPORTed PKCS12DER certificate into a JKS keystore in USS.

From TSO ACF:
export LDAP2.SYS1ACF DSN('LDAP2.SYS1ACF.EXPDER') FORMA(PKCS12DER) PASSWORD(xxxxxx)

From TSO option 6:
oput 'LDAP2.SYS1ACF.EXPDER' '/u/user002/ldap2.cer' binary 

Sample Keytool command for import of PKCS12 certificate:
keytool -v -importkeystore -srckeystore filename -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS

In this example the PKCS12 certificate ldap2.cer is in the current directory /u/user002, and truststore.jks will be created:
keytool -v -importkeystore -srckeystore ldap2.cer -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS

USER002:/u/user002: >keytool -v -importkeystore -srckeystore ldap2.cer -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS
Enter destination keystore password: xxxxxx
Re-enter new password: xxxxxx
Enter source keystore password: xxxxxx  <= password specified on the ACF EXPORT
Entry for alias ldap2.sys1acf successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
[Storing truststore.jks]
USER002:/u/user002: >

USER002:/u/user002: >ls -l
total 16808
-rw-r--r--   1 USER002  SYS1TST     3056 Oct 16 07:35 truststore.jks
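
A follow-up check on the imported keystore, as an added example that is not part of the original article: it summarizes `keytool -list -v` output, confirms the alias arrived as a private key entry, and flags a keystore that group or other can read (the listing above shows truststore.jks as -rw-r--r--). The function names, the OpenJDK-style output layout and the PrivateKeyEntry type name are assumptions.

```shell
#!/bin/sh
# Added example: post-import checks for truststore.jks. Function names are
# hypothetical; the "Alias name:/Entry type:/Valid from:" layout assumes
# OpenJDK-style `keytool -list -v` output.

# summarize_entries: read `keytool -list -v` text on stdin and print one
# line per entry as alias|entry type|valid-until.
summarize_entries() {
  awk '
    /^Alias name: / { alias = substr($0, 13) }
    /^Entry type: / { type = substr($0, 13) }
    /^Valid from: / && alias != "" {
      until = $0
      sub(/^.* until: /, "", until)
      print alias "|" type "|" until
      alias = ""  # report only the first certificate of each chain
    }'
}

# has_entry ALIAS TYPE: read summarize_entries output on stdin and succeed
# only if ALIAS is present with exactly that entry type.
has_entry() {
  awk -F'|' -v a="$1" -v t="$2" '$1 == a && $2 == t { ok = 1 } END { exit !ok }'
}

# mode_is_private FILE: succeed only if group and other have no access bits.
mode_is_private() {
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# verify_keystore KEYSTORE ALIAS: run all checks against a real keystore.
# keytool prompts for the keystore password, as it did during the import.
verify_keystore() {
  summary=$(keytool -list -v -keystore "$1" | summarize_entries) || return 1
  printf '%s\n' "$summary"
  printf '%s\n' "$summary" | has_entry "$2" PrivateKeyEntry ||
    { echo "alias $2 missing or not a private key entry" >&2; return 1; }
  mode_is_private "$1" ||
    { echo "$1 is accessible to group/other; restrict it to the owner" >&2; return 1; }
}
```

Run it as `verify_keystore truststore.jks ldap2.sys1acf`; if the mode check fails, `chmod 600 truststore.jks` restricts the file to its owner.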