Conversion steps for MOI and MSS to use TLS 1.2 level security

book

Article ID: 224380

calendar_today

Updated On:

Products

CA Mainframe Operational Intelligence

Issue/Introduction

Mainframe Operational Intelligence (MOI) 2.0.06 and Message Service Server (MSS) currently use TLS 1.0 for security between the products.   Some customers are requiring TLS 1.2.   The resolution in this Knowledge Document provides the steps needed for both MSS and MOI to change the TLS version to 1.2. 

Environment

Release : 2.0

Component : MF OPERATIONAL INTELLIGENCE

Service pack:   2.0.0*

Resolution

NOTE:  If you are not sharing the ZMSENVT2 member parms across a SYSPLEX, you will need to  perform Steps 1 through 3 for each MSS that you have installed before completing Steps 4 and 5. 
 
To change your TLS 1.0 level to TLS 1.2, you will first need to configure the Message Service Server environment variables.   
 
1) Edit the ZMSENVT2 member in the <your deployment HLQ>.CAW0OPTV dataset

2) Insert this line:
IJO="$IJO -Dcom.ibm.jsse2.overrideDefaultTLS=true"

The line should be inserted above the line that states:
export IBM_JAVA_OPTIONS="$IJO "

3) Stop and start the Message Service server started task

For example:
/p ZMSSTART
/s ZMSSTART
 

4) You will now need to make changes on the MOI appliance. File transfer the runscript_1632315435095.sh attached to this Knowledge Doc to the MOI appliance linux machine. 
 
5) Then follow these steps:
chmod +x runscript.sh
./runscript.sh
 
 

Attachments

runscript_1632315435095.sh get_app