[Version 5.0.1 and later] Setting up a keyring for use by Daemon SSL

Why and when to perform this task

Modify the customization job commands generated in BBOCBRAK (or HLQ.DATA(BBODBRAK) on WebSphere Application Server Network Deployment) to perform these steps:

Steps for this task

  1. Create a keyring for the daemon's MVS user ID to own. Generally, this is the same keyring name that was created for your application servers. Issue the following TSO command:
         RACDCERT ADDRING(keyringname) ID(daemonUserid)
  2. Generate a digital certificate for the daemon's MVS user ID to own. Issue the following TSO command:
         RACDCERT ID(daemonUserid) GENCERT SUBJECTSDN(CN('create a unique CN') O('IBM')) WITHLABEL('labelName') SIGNWITH(CERTAUTH LABEL('WebSphereCA'))
  3. Connect the generated certificate to the daemon's keyring. Issue the following TSO command:
         RACDCERT ID(daemonUserid) CONNECT(LABEL('labelName') RING(keyringname) DEFAULT)
  4. Connect the certificate authority (CA) certificate to the server's keyring. Issue the following TSO command:
         RACDCERT CONNECT(CERTAUTH LABEL('WebSphereCA') RING(keyringname))
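
The four steps above, followed by a verification listing, run as one batch TSO job. This is an added example, not the job generated in BBOCBRAK; the job card, the user ID WSDMNCR1, the ring name WASKeyring, the label DaemonCert and the CN value are constructed placeholders.

```jcl
//DMNRING  JOB (ACCT),'DAEMON KEYRING',CLASS=A,MSGCLASS=X
//*
//* Added example with constructed values (not the BBOCBRAK output):
//*   WSDMNCR1    daemon MVS user ID
//*   WASKeyring  keyring name, same as the application servers' ring
//*   DaemonCert  label of the daemon's certificate
//*
//* Commands longer than one input line are continued with a
//* trailing hyphen, as TSO batch input requires.
//*
//* The CA connect names ID(WSDMNCR1) explicitly so that the CA
//* certificate lands on the daemon's ring whoever submits the job.
//* Without ID, RACDCERT applies to the issuing user's ring.
//*
//* The last two commands only list: they show what is on the ring
//* and the details of the daemon certificate.
//*
//RACF     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RACDCERT ADDRING(WASKeyring) ID(WSDMNCR1)
  RACDCERT ID(WSDMNCR1) GENCERT -
    SUBJECTSDN(CN('wasdaemon.example.com') O('IBM')) -
    WITHLABEL('DaemonCert') -
    SIGNWITH(CERTAUTH LABEL('WebSphereCA'))
  RACDCERT ID(WSDMNCR1) CONNECT(LABEL('DaemonCert') -
    RING(WASKeyring) DEFAULT)
  RACDCERT ID(WSDMNCR1) CONNECT(CERTAUTH LABEL('WebSphereCA') -
    RING(WASKeyring))
  RACDCERT LISTRING(WASKeyring) ID(WSDMNCR1)
  RACDCERT LIST(LABEL('DaemonCert')) ID(WSDMNCR1)
/*
```

In the LISTRING output, the daemon certificate should appear with USAGE PERSONAL and DEFAULT YES, and the CA certificate with USAGE CERTAUTH.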

Results

Tip: The CA certificate that is generated during configuration (WAS Test CertAuth) is an example. Use the CA you normally use to create user certificates, and connect the CA certificate to the daemon and server keyrings.


Related concepts
Setting up Secure Sockets Layer security for WebSphere Application Server for z/OS
Daemon Secure Sockets Layer



Searchable topic ID:   tsecsettupkeyring
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_settupkeyring.html
