Currently large companies implement the standard security controls for the SYSVIEW REST API, using the keystore as per the config instructions in TechDocs, however this causes a problem as documented below when rolling out across a large number of LPARs:
It's needed to update each single certificate in our system to be able to connect to the API’s on every LPAR.
15 LPARS means 15 certificates to add into servers doing the calls.
When a certificate gets updated by Mainframe, the server needs to be updated too. If not done, then it's not possible to connect to the API.
The appropriate way is to request certificates from the certificate center by creating a key on the server, generating a certificate request from that key, and send this certificate request to the certification center.
Returning the certificate in PEM format. As these are signed by the root.
For every added LPAR or renewal of the certificate, the Mainframe teams requests the certificate from the certification center and those will be trusted by the server using the certificate chain already installed.
How to address this?
Release : 16.0
Component : SYSVIEW