WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: z/OS

             Personalize the table of contents and search results
This topic applies only on the z/OS operating system.

Setting up a keyring for use by Daemon Secure Sockets Layer

Follow these steps to configure a keyring for use by Daemon Secure Sockets Layer.

About this task

Modify the customization job commands generated in BBOCBRAK (or HLQ.DATA(BBODBRAK) on WebSphere Application Server Network Deployment) to perform these steps:

Procedure

  1. Create a keyring for the daemon’s MVS user ID to own. Generally, this is the same keyring name that was created for your application servers. Issue the following TSO command: RACDCERT ADDRING(keyringname) ID(daemonUserid)
  2. Generate a digital certificate for the daemon’s MVS user ID to own by issuing the following TSO command:
    RACDCERT ID (daemonUserid) GENCERT SUBJECTSDN(CN('create a unique CN') O('IBM')) 
    WITHLABEL('labelName') SIGNWITH(CERTAUTH LABEL('WebSphereCA'))
  3. Connect the generated certificate to the daemon’s keyring by issuing the following TSO command:
    RACDCERT ID(daemonUserid) CONNECT (LABEL('labelName') RING(keyringname) DEFAULT)
  4. Connect the certificate authority (CA) certificate to the server’s keyring by issuing the following TSO command:
    RACDCERT CONNECT (CERTAUTH LABEL(WebSphereCA) RING(keyringname))

Results

Tip: The CA certificate that is generated during configuration (WAS Test CertAuth) is an example. Use the CA you normally use to create user certificates, and connect the CA certificate to the daemon and server keyrings.



In this information ...


IBM Redbooks, demos, education, and more


Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

IBM Suggests
Task topic    

Terms of Use | Feedback

Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/tsec_settupkeyring.html