The Resource Access Control Facility (RACF®)
customization jobs create an SSL keyring owned by the WebSphere® Application
Server for z/OS® administrator. This SSL keyring contains
the digital certificate needed to communicate with WebSphere Application
Server. Other MVS™ user IDs that need to administer WebSphere Application
Server for z/OS require additional customization.
Before you begin
The Resource Access Control Facility (RACF)
customization jobs create an SSL keyring owned by the WebSphere Application
Server for z/OS administrator containing the digital certificate
needed to communicate with WebSphere Application Server.
However, additional customization is required for administration by
other MVS user IDs.
Note that the MVS user
ID in the description below is the MVS user
ID under which the wsadmin process is running, not the user
ID specified in the wsadmin request.
About this task
In the example below:
- yyyyy is the user ID of the new WebSphere Application
Server for z/OS administrator
- xxxxx is the name of the keyring that is specified in soap.client.props in
the profile_root/properties directory.
- zzzzz is the label name used in the BBOSBRAK jobs to
specify which certificate authority certificate was used to generate
server keys
Procedure
- If the new administrator is not a member of the WebSphere Application Server for z/OS administrative
group, make sure that the new user ID has access to the appropriate RACF keyrings
and digital certificates. For example:
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(yyyyy) ACC(READ)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(yyyyy) ACC(READ)
- Use the setup completed by the customization jobs as a
model for the additional steps. This information is in
the BBOCBRAK member of the <HLQ>.DATA data set generated during
the customization process. The BBOCBRAK job contains the set of RACF commands
that were used:
/* Generating SSL keyrings for WebSphere administrator */
RACDCERT ADDRING(xxxxx) ID(yyyyy)
/* Connect WebSphere Application Server CA Certificates to Servers keyring */
RACDCERT ID(yyyyy) CONNECT(RING(xxxxx) LABEL('zzzzz') CERTAUTH)
/* Refresh the in-storage FACILITY profiles so the PERMITs take effect */
SETROPTS RACLIST(FACILITY) REFRESH
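The whole procedure as one batch TSO job, followed by two checks that the keyring and the access list ended up as intended. This is an added example, not part of the BBOCBRAK member: the job name, accounting field and job classes are placeholders, yyyyy, xxxxx and zzzzz are the same substitutions as above, and the two FACILITY profiles are assumed to exist already from the customization jobs.

```jcl
//ADMRING  JOB (ACCT),'WAS ADMIN KEYRING',CLASS=A,MSGCLASS=H
//* Added example: job card values are placeholders for your site.
//* Run under a user ID with RACF authority to issue these commands.
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  /* Step 1: READ is enough for yyyyy to list its own keyring    */
  PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(yyyyy) ACC(READ)
  PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(yyyyy) ACC(READ)
  /* Step 2: keyring owned by the new administrator              */
  RACDCERT ADDRING(xxxxx) ID(yyyyy)
  /* Connect the CA certificate that signed the server keys      */
  RACDCERT ID(yyyyy) CONNECT(RING(xxxxx) LABEL('zzzzz') CERTAUTH)
  /* Activate the FACILITY class changes                         */
  SETROPTS RACLIST(FACILITY) REFRESH
  /* Check 1: ring xxxxx should list label zzzzz as CERTAUTH     */
  RACDCERT ID(yyyyy) LISTRING(xxxxx)
  /* Check 2: yyyyy should appear with READ and nothing higher   */
  RLIST FACILITY IRR.DIGTCERT.LIST AUTHUSER
  RLIST FACILITY IRR.DIGTCERT.LISTRING AUTHUSER
/*
```

The comment lines inside SYSTSIN are indented on purpose: a `/*` in columns 1 and 2 would end the in-stream data.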