Can you secure JBOS with SSL?

book

Article ID: 33545

calendar_today

Updated On:

Products

CA Mainframe Chorus DBA Discipline CA Chorus for Storage Management CA Chorus for Storage Management

Issue/Introduction

Question:

Is there a way to secure JBOS with SSL? Running a port scan vulnerability report shows indicate plain text data being passed through the connection.

Answer:

Please ensure RO81395 is applied.

To have a secure connection, we need SSL enabled.

To setup SSL in Compliance Manger under Chorus, edit the cmgr_config.xml:

Obtain the value of the CATALINA_HOME environment variable. CATALINA_HOME is defined in the data set specified by the STDENV DD.

Find the configuration files that you need to modify for your system:

The CA Top Secret configuration file:
$CATALINA_HOME/webapps/VantageGMI/conf/tss/tss_config.xml

The CA Compliance Manager configuration file:
$CATALINA_HOME/webapps/cmgr/conf/cmgr/cmgr_config.xml

Within each configuration file, find the <server_info> block that contains connection information for your CA LDAP Server for z/OS.

Add <useTLS>true</useTLS> to the <server_info> block, as shown in the following example:

<tss classpath="com.ca.vantage.esmldap.EsmLdapTree" loginpage="/pages/esm/tss/login.jsp">
<tree id="258366f83beacc96c947354e4b90c24f" desc="CA TSS">
<server_info>
<host>ldap-server-hostname.yourcompany.com</host>
... (Various configuration directives appear here.) ...
<useTLS>true</useTLS>
</server_info>
</tree>
</tss>


Restart the CA Compliance Manager server.

 

Additional Information:

Please see the CA DSI Product Guide Chapter 4 which discusses setting up SSL.

 


 

Environment

Release:
Component: CHRSEC