We need to renew the OpenSSL certificates used with CA XCOM for z/OS that will expire next month. What would be the procedure to follow?
CA XCOM r11.6 or r12.0 for z/OS
If you used the XCOM sample "make" scripts to generate your SSL certificates for z/OS you will need to:
a. backup your ssl directory and configssl.cnf
b. remove all the files and/or directories:
- all index.* files
- all serial and serial.* files
- the certs and private directories
- the random.pem file
c. set your new expiration dates in your cassl.conf file, parameter "default_days=" and modify the "makeca" scripts OPENSSL command:
Openssl req x509 newkey rsa out ./certs/cassl.pem outform PEM -days nnn
where "nnn" is the amount of days you want to certificate to be valid for.
NOTE: This is documented in our XCOM Admin guide.
d. run the makeca, makeclient, makeserver scripts.
e. run the listca, listclient, listserver scripts to verify your expiration dates
f. run a loopback transfers to make sure the certificates are valid.
The above instructions are only valid if you used our sample "make" scripts. If your certificates were acquired via a third party vendor then you need to check with your Security Admin for those procedures.
You may find similar Knowledge Documents for CA XCOM for Windows/Linux/Unix while searching for related documents.