A certificate for the Webadmin is about to expire and needs to be replaced. The certificate was renewed with ACF2 and EXPORTed. How can the renewed certificate be imported into the USS JKS keystore using KEYTOOL?
Release : 16.0
Component : CA ACF2 for z/OS
Keytool command parameters to import the ACF EXPORTed pkcs12der certificate into a JKS store in USS.
From TSO ACF:
export LDAP.SYS1ACF DSN('LDAP.SYS1ACF.EXPDER') FORMA(PKCS12DER) PASSWORD(xxxxxx)
From TSO option 6:
oput 'LDAP2.SYS1ACF.EXPDER' '/u/user002/ldap2.cer' binary
Sample Keytool command for import of PKCS12 certificate:
keytool -v -importkeystore -srckeystore filename -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS
With the PKCS12 certificate ldap2.cer in the current directory /u/user002, the following command creates truststore.jks:
keytool -v -importkeystore -srckeystore ldap2.cer -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS
USER002:/u/user002: >keytool -v -importkeystore -srckeystore ldap2.cer -srcstoretype PKCS12 -destkeystore truststore.jks -deststoretype JKS
Enter destination keystore password: xxxxxx
Re-enter new password: xxxxxx
Enter source keystore password: xxxxxx <= password specified on the ACF EXPORT
Entry for alias ldap.sys1acf successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[Storing truststore.jks]
USER002:/u/user002: >
USER002:/u/user002: >ls -l
total 16808
-rw-r--r-- 1 USER002 SYS1TEST 3056 Oct 16 07:35 truststore.jks
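
After the import it is worth confirming that the alias arrived as a private-key entry and that the keystore file is not open to group or other, since the listing above shows -rw-r--r--. The shell functions below are an added example, not part of the original article; the function names and the sample keytool output are constructed, and the check assumes the PKCS12 package carried the private key.

```shell
#!/bin/sh
# Added example (not from the article): post-import checks for truststore.jks.

# Read `keytool -list -v` output on stdin; print "alias|entry type|not-after"
# for the first certificate of each entry.
summarize_entries() {
  awk '
    /^Alias name: / { alias = substr($0, 13) }
    /^Entry type: / { etype = substr($0, 13) }
    /^Valid from: / && alias != "" {
      notafter = $0
      sub(/^.* until: /, "", notafter)
      print alias "|" etype "|" notafter
      alias = ""   # skip the remaining certificates of a chain
    }'
}

# Succeed only if group and other have no permission bits on the file.
perms_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_import KEYSTORE ALIAS, with `keytool -list -v` output on stdin.
check_import() {
  line=$(summarize_entries | awk -F'|' -v a="$2" '$1 == a')
  [ -n "$line" ] || { echo "alias $2 not found"; return 1; }
  case $line in
    "$2|PrivateKeyEntry|"*) ;;
    *) echo "alias $2 is not a PrivateKeyEntry: $line"; return 1 ;;
  esac
  perms_private "$1" || { echo "$1 is accessible to group/other"; return 1; }
  echo "ok: $line"
}

# Constructed sample of keytool -list -v output; names and dates are placeholders.
SAMPLE='Alias name: ldap.sys1acf
Creation date: Oct 16, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=example
Issuer: CN=example-ca
Valid from: Wed Oct 16 00:00:00 GMT 2024 until: Thu Oct 16 23:59:59 GMT 2025'

printf '%s\n' "$SAMPLE" | summarize_entries

# On the system: keytool -list -v -keystore truststore.jks | check_import truststore.jks ldap.sys1acf
```

If the permission check fails, `chmod 600 truststore.jks` clears the group and other bits.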