ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CTS URIMAP Definition And CERTIFICATE.

book

Article ID: 49332

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ecoMeter Server Component FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA On Demand Portal CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

Definition of URIMAP in CTS with a Certificate gets CICS message error as follows:

DFHAM4928 E MYCICS 425 Install of URIMAP MY-URIMAP failed because the specified certificate does not have a private key.

Solution:

The URIMAP definition: 

  DEFINE URIMAP(MY-URIMAP) GROUP(WEBGRP1)
   STATUS(ENABLED) USAGE(CLIENT) SCHEME(HTTPS) PORT(NO)
   HOST(my.website.com) PATH(/service/SOAP/SILOSGW/MYCONSUMER)
   SOCKETCLOSE(0) ANALYZER(NO)
   CIPHERS(050435363738392F303132330A1613100D0915120F0C03060201)
   CERTIFICATE(MYCERT001) AUTHENTICATE(NO) REDIRECTTYPE(NONE)
   DEFINETIME(12/05/23 16:08:07) CHANGETIME(12/05/23 16:08:07)
   CHANGEUSRID(CUSER001) CHANGEAGENT(CSDBATCH) CHANGEAGREL(0670)

In this case the certificate MYCERT001 must have a PRIVATE key.

Useful information can be found at:

http://en.wikipedia.org/wiki/Transport_Layer_Security

The client sends a CertificateVerify message, which is a signature over the previous handshake messages using the client's certificate's private key. This signature can be verified by using the client's certificate's public key. This lets the server know that the client has access to the private key of the certificate and thus owns the certificate.

So having a client certificate private key is fundamental to a successful SSL handshake.

Environment

Release:
Component: AWAGNT
Powered by Wolken Software