Conversion steps for MOI and MSS to use TLS 1.2 level security
search cancel

Conversion steps for MOI and MSS to use TLS 1.2 level security

book

Article ID: 224380

calendar_today

Updated On:

Products

Mainframe Operational Intelligence

Issue/Introduction

Mainframe Operational Intelligence (MOI) 2.0.06 and Message Service Server (MSS) currently use TLS 1.0 for security between the products.

You now require TLS 1.2.

This document provides the steps needed for both MSS and MOI to change the TLS version to 1.2.

Environment

Release : 2.0
Component : MF OPERATIONAL INTELLIGENCE
Service pack:   2.0.0*

Resolution

NOTE:  If you are not sharing the ZMSENVT2 member across a SYSPLEX, you will need to  perform Steps 1 through 3 for each MSS that you have installed before completing Steps 4 and 5. 
 
To change your TLS 1.0 level to TLS 1.2, you will first need to configure the Message Service Server environment variables.   
 
  1. Edit the ZMSENVT2 member in the <your deployment HLQ>.CAW0OPTV dataset

  2. Insert this line:
    1. IJO="$IJO -Dcom.ibm.jsse2.overrideDefaultTLS=true"

      The line should be inserted above the line that states:
      export IBM_JAVA_OPTIONS="$IJO "

  3. Stop and start the Message Service server started task
For example:
/P ZMSSTART
/S ZMSSTART
 

You will now need to make changes on the MOI appliance.
 
  1. File transfer the runscript_1632315435095.sh file, attached to this article, to the MOI appliance linux machine.
  2. Isue these commands:
chmod +x runscript.sh
./runscript.sh

Attachments

runscript_1632315435095.sh get_app
Powered by Wolken Software