Zowe Certificate Setup

Article ID: 253614

Products

Top Secret

Issue/Introduction

The Zowe API setup documentation requires a digital certificate with Extended Key Usage metadata.

How can this be done with Top Secret?

Resolution

Top Secret cannot generate a certificate with Extended Key Usage metadata.

Use a third-party certificate utility such as gskkyman or keytool to generate a certificate with Extended Key Usage metadata, then import it into Top Secret with the following TSS commands:

  1. To import the third-party-generated client certificate into Top Secret:
    TSS ADD(CERTSITE) DIGICERT(digicertname) DCDSN(datasetname) PKCSPASS(password)

  2. If the CA/root certificate was not included in your client's certificate dataset and is in a different dataset, use the following command to add it to Top Secret:
    TSS ADD(CERTAUTH) DIGICERT(digicertname) DCDSN(datasetname)
    Note: Repeat this step if there are intermediate root certificates.

  3. Create the keyring if it doesn't already exist. Skip this step if it does.
    TSS ADD(acid) KEYRING(8-char-keyringname) LABLRING(upto-255-char-keyring_label_name)

  4. Add the client certificate to the keyring:
    TSS ADD(acid) KEYRING(8-char-keyringname) RINGDATA(CERTSITE,digicertname) USAGE(PERSONAL) DEFAULT

  5. Add the CA/root certificates to the keyring:
    TSS ADD(acid) KEYRING(8-char-keyringname) RINGDATA(CERTAUTH,digicertname) USAGE(CERTAUTH)
    Note: If there is more than one CA/root, repeat this step for the other CA/roots.
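
The following is an added example, not part of the original article or of Broadcom or Zowe code: a keytool invocation that creates a PKCS#12 file carrying Extended Key Usage, and a check of keytool's verbose listing to run before the file is uploaded for the import in step 1. The alias, DN, file name, the P12_PASS variable, and the choice of serverAuth and clientAuth as the required usages are assumptions; the sample listings are constructed.

```shell
#!/bin/sh
# Added example. Alias, DN, file name and P12_PASS are hypothetical placeholders.

# Create a key pair and self-signed certificate (for illustration) with
# Extended Key Usage in a PKCS#12 keystore. Requires a JDK's keytool.
# usage: P12_PASS=... generate_p12 <alias> <dname> <file.p12>
generate_p12() {
    keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 \
        -dname "$2" -validity 365 \
        -ext EKU=serverAuth,clientAuth \
        -storetype PKCS12 -keystore "$3" -storepass:env P12_PASS
}

# Read a "keytool -list -v" or "keytool -printcert" listing on stdin.
# Return 0 only if it has an ExtendedKeyUsages block that contains every
# usage named in the arguments.
has_eku() {
    block=$(sed -n '/^ExtendedKeyUsages \[/,/^]/p')
    [ -n "$block" ] || return 1
    for usage in "$@"; do
        printf '%s\n' "$block" | grep -qx "[[:space:]]*$usage" || return 1
    done
}

# Constructed sample listings, modelled on keytool's verbose output.
SAMPLE_WITH_EKU='Owner: CN=zowe.example.com
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]'
SAMPLE_NO_EKU='Owner: CN=zowe.example.com
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
]'

printf '%s\n' "$SAMPLE_WITH_EKU" | has_eku serverAuth clientAuth \
    && echo "EKU present: ready to import"
printf '%s\n' "$SAMPLE_NO_EKU" | has_eku serverAuth clientAuth \
    || echo "EKU missing: regenerate before importing"

# Against a real file (assumed name zowe.p12):
#   keytool -list -v -keystore zowe.p12 -storepass:env P12_PASS \
#       | has_eku serverAuth clientAuth
```

Running the check before the upload catches a certificate generated without the extension, which Top Secret would otherwise import without complaint.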