List MOI keystore certificates when Java is not installed on Linux server
search cancel

List MOI keystore certificates when Java is not installed on Linux server

book

Article ID: 377780

calendar_today

Updated On:

Products

Mainframe Operational Intelligence

Issue/Introduction

Java is not allowed to be installed on our Mainframe Operational Intelligence (MOI) Red Hat Linux server, so the keytool utility is not available.
Is there a way to list the certificates in a MOI keystore?

Environment

Mainframe Operational Intelligence (MOI) 2.1
Red Hat Enterprise Linux

Resolution

Per Configure CCS Message Service for TLS/SSL the moi-mss-utility can be used to list the certificates:
./moi-mss-utility listCerts


Alternatively, although MOI 2.1 does not install Java (it is not a prerequisite) into the Linux OS itself, the mtcac docker container does contain a Java install. To get inside that container this command can be used:
docker exec -it mtcac_mtcac_1 bash
However the directory containing the keystore also needs to be visible in that container.

These steps should be successful:

  1. Edit the /opt/moi/mtcac/normal/docker-compose.yml and add this line at the end of file.
    ${PLEXCONFIG}/etc:/var/config

  2. Restart the MOI service (systemctl restart moi)

  3. Issue below commands:
    # docker exec -it mtcac_mtcac_1 bash
    root@mtcac:/opt/CA/mtcac>cd /var/config/MSS-Hub-Certs/generatedKeystores/HUB_STORE/
    root@mtcac:/var/config/MSS-Hub-Certs/generatedKeystores/HUB_STORE>cat password.properties
    keystorepassword= YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
    truststorepassword= XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Note down the truststorepassword which is required in the following step.
    root@mtcac:/var/config/MSS-Hub-Certs/generatedKeystores/HUB_STORE>keytool -list -v -keystore broker.ts -storepass XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | grep -i alias
Powered by Wolken Software