[Version 5.0.2 and later]SSL considerations for WebSphere Application Server administrators

Before you begin[Version 5.0.2 and later]

The RACF customization jobs create an SSL Keyring owned by the WebSphere Application Server for z/OS administrator containing the digital certificate needed to communicate with WebSphere Application Server. However, additional customization is required for administration by other MVS user IDs.

Note that the MVS user ID in the description below is the MVS user ID under which the wsadmin.sh process is running, not the user ID specified in the wsadmin request.

Why and when to perform this task[Version 5.0.2 and later]

In the example below:

Steps for this task

  1. If the new administrator is not a member of the WebSphere Application Server for z/OS administrative group, make sure that the new user ID has access to the appropriate RACF keyrings and digital certificates.
    For example:
    PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(yyyyy) ACC(READ)
    PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(yyyyy) ACC(READ)
    
  2. Use the setup completed by the customization jobs as a model for the additional steps.
    This information is in the BBOCBRAK member of the <HLQ>.DATA data set generated during the customization process. The BBOCBRAK job contains the set of RACF commands that were used:
      /* Generating SSL keyrings for WebSphere administrator                    */     
    RACDCERT ADDRING(xxxxx) ID( yyyyyy )                                                                                                                                                       
      /* Connect WAS CA Certificates to Servers keyring                       */     
    "RACDCERT ID(yyyyy) CONNECT (RING(xxxxxx) LABEL('zzzzzzz')   CERTAUTH"                                               
    SETROPTS RACLIST(FACILITY) REFRESH" 
    

Related reference
Setting up Secure Sockets Layer security for WebSphere Application Server for z/OS



Searchable topic ID:   tsecsslconsideradmin
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_sslconsideradmin.html

Library | Support | Terms of Use | Feedback