Follow these steps to configure a keyring for use by daemon Secure Sockets Layer (SSL).
About this task
Modify the customization job commands generated in BBOCBRAK (or HLQ.DATA(BBODBRAK) on WebSphere® Application Server, Network Deployment) to perform these steps:
Procedure
- Create a keyring for the daemon’s MVS™ user ID to own. Generally, this is the same keyring name that was created for your application servers. Issue the following TSO command:
  RACDCERT ADDRING(keyringname) ID(daemonUserid)
- Generate a digital certificate for the daemon’s MVS user ID to own by issuing the following TSO command:
  RACDCERT ID(daemonUserid) GENCERT SUBJECTSDN(CN('create a unique CN') O('IBM')) WITHLABEL('labelName') SIGNWITH(CERTAUTH LABEL('WebSphereCA'))
- Connect the generated certificate to the daemon’s keyring by issuing the following TSO command:
  RACDCERT ID(daemonUserid) CONNECT(LABEL('labelName') RING(keyringname) DEFAULT)
- Connect the certificate authority (CA) certificate to the server’s keyring by issuing the following TSO command:
  RACDCERT CONNECT(CERTAUTH LABEL('WebSphereCA') RING(keyringname))
Results
Tip: The CA certificate that is generated during configuration (WAS Test CertAuth) is an example. Use the CA you normally use to create user certificates, and connect the CA certificate to the daemon and server keyrings.
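A batch TSO job to check the result of the procedure above, as an added example that is not part of the generated customization jobs. It assumes the placeholder names used in the steps (daemonUserid, keyringname, labelName, WebSphereCA) and a site-specific job card; the job name, accounting field and classes shown are made up.

```jcl
//RINGCHK  JOB (ACCT),'CHECK DAEMON RING',CLASS=A,MSGCLASS=X
//*
//* Added example. Replace the job card values and the
//* placeholders daemonUserid, keyringname and labelName with
//* the values you used in the procedure.
//*
//* What to look for in SYSTSPRT:
//*  1. LISTRING shows two entries on the daemon's ring:
//*       labelName    owner ID(daemonUserid)
//*                    USAGE PERSONAL   DEFAULT YES
//*       WebSphereCA  owner CERTAUTH
//*                    USAGE CERTAUTH   DEFAULT NO
//*     A missing CA entry means the CERTAUTH connect was made
//*     to a ring owned by a different user ID.
//*  2. LIST of the daemon certificate shows a trusted status,
//*     a private key, current validity dates, and the CA's
//*     distinguished name as issuer.
//*  3. LIST of the CA certificate shows a trusted status and
//*     an end date later than the daemon certificate's.
//*  4. SETROPTS REFRESH is only needed when the DIGTCERT and
//*     DIGTRING classes are RACLISTed; it makes the new
//*     profiles visible to running address spaces.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RACDCERT ID(daemonUserid) LISTRING(keyringname)
  RACDCERT ID(daemonUserid) LIST(LABEL('labelName'))
  RACDCERT CERTAUTH LIST(LABEL('WebSphereCA'))
  SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH
/*
```

Quote certificate labels in every command: labels are case-sensitive, and an unquoted mixed-case label will not match the one created with WITHLABEL.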