Zowe setting up zowe server ID to access digital certificates and KEYRINGs
Article ID: 281298
Updated On:
Products
Issue/Introduction
Sandbox is showing multiple issues. "Eureka request failed to endpoint", "Caused by: java.io.IOException: R_datalib (IRRSDL00) error: not RACF authorized to use the requested service (8, 8, 8) "
Cause
The issue happens when the STC user doesn't have control of the keyring
Resolution
In this scenario:
• Certificate is signed by an external CA.
• Key ring name is RING01.
• Certificate and key ring are owned by ZWESVUSR, which is the zowe server user ID.
1, Grant the zowe server user ID UPDATE access to the key ring. (ZWESVUSR), the zowe server user ID needs this access.
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(ZWESVUSR) ACCESS(UPDATE)
2. If the FACILITY class is not already active, activate and RACLIST it:
SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)
3. If the FACILITY class is already active and RACLISTed, refresh it:
SETROPTS RACLIST(FACILITY) REFRESH
4. Permit the zowe server to access the private key. It needs CONTROL access to IRR.DIGTCERT.GENCERT.
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(ZWESVUSR) ACCESS(CONTROL)
2. If the RDATALIB class is not already active, activate it and RACLIST it, as follows:
SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB)
3. If the RDATALIB class is already active and RACLISTed, refresh it, as follows:
SETROPTS RACLIST(RDATALIB) REFRESH
Additional Information
For additional information please reference :
Feedback
