Configuring the root certificate keyring
WebSphere® Application Server allows an administrator to perform certificate management operations on System Authorization Facility (SAF) keyrings by using the Open Cryptographic Services Facility (OCSF) Data library functions for SAF keyrings. This task configures the root certificate keyring.
Before you begin
About this task
The root certificate authority (CA) certificate is used to sign other certificates for WebSphere Application Server. By default, during profile management, the default root keyring (NodeDefaultRootStore, or DmgrDefaultRootStore for a deployment manager) and the root CA certificate are automatically configured. Alternatively, if migrating from a previous WebSphere Application Server installation, you can set up the root keyring for a keystore object using the following steps.
Procedure
Results
What to do next
- Under Additional Properties, on the keystore collection panel, click Personal Certificates.
- Verify that the certificate appears in the list.
- When attempting to create a new keyring, the following error message can occur:
  R_datalib (IRRSDL00) error: One or more updates could not be completed. Requested Function_code not defined. Function code: (7) Return Codes: (8, 8, 20)
  This message indicates that you attempted to create a new keyring and did not have native writable support installed. You must be running at z/OS release 1.9 or 1.8 with APARs OA22287 and OA22295.
- The following message can occur when attempting to perform write operations on a SAF keyring, such as creating or deleting a certificate:
  Error Message: An error occurred creating the key store: R_datalib (IRRSDL00) error: One or more updates could not be completed. Not RACF authorized to use the requested service. Function code: (7) Return Codes: (8, 8, 8)
  This message is received if you have not defined the correct RACF authority. See the document Defining RACF authority for Clients and Servers in the z/OS Internet Library.
- The following message can occur when performing write operations if the underlying keyring does not exist in RACF:
  R_datalib (IRRSDL00) error: profile for ring not found (8, 8, 84)
  Ensure the keyring exists in RACF prior to performing certificate management write operations.
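
The three R_datalib messages above can be triaged from a server log with a short script. This is an added example, not IBM or WebSphere code: the names triage, summarize and SAMPLE_LOG are hypothetical, and the sample log is constructed around the message texts shown on this page.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Causes as this page states them, keyed by the three numbers in the message.
KNOWN_CAUSES = {
    (8, 8, 20): "native writable keyring support not installed",
    (8, 8, 8): "correct RACF authority not defined",
    (8, 8, 84): "keyring does not exist in RACF",
}
UNKNOWN = "not described on this page"

# Accepts both forms shown above: with "Function code: (n) Return Codes:"
# and the short form that ends in the bare "(8, 8, 84)" triple.
PATTERN = re.compile(
    r"R_datalib \(IRRSDL00\) error:.*?"
    r"(?:Function code: \((?P<fc>\d+)\)\s*Return Codes:\s*)?"
    r"\((?P<a>\d+),\s*(?P<b>\d+),\s*(?P<c>\d+)\)"
)

class Finding(NamedTuple):
    function_code: Optional[int]  # None when the message omits it
    codes: tuple
    cause: str

def triage(line: str) -> Optional[Finding]:
    """Return a Finding for an R_datalib error line, or None for other lines."""
    m = PATTERN.search(line)
    if m is None:
        return None
    codes = (int(m["a"]), int(m["b"]), int(m["c"]))
    fc = int(m["fc"]) if m["fc"] is not None else None
    return Finding(fc, codes, KNOWN_CAUSES.get(codes, UNKNOWN))

def summarize(lines) -> Counter:
    """Count causes across a log so repeated authorization failures stand out."""
    return Counter(f.cause for f in map(triage, lines) if f is not None)

# Constructed sample log: message texts come from this page; the timestamps,
# the unrelated line and the (8, 8, 44) triple are made up for the example.
SAMPLE_LOG = [
    "[10:01:02] R_datalib (IRRSDL00) error: One or more updates could not be completed. Requested Function_code not defined. Function code: (7) Return Codes: (8, 8, 20)",
    "[10:03:15] Error Message: An error occurred creating the key store: R_datalib (IRRSDL00) error: One or more updates could not be completed. Not RACF authorized to use the requested service. Function code: (7) Return Codes: (8, 8, 8)",
    "[10:03:40] R_datalib (IRRSDL00) error: One or more updates could not be completed. Not RACF authorized to use the requested service. Function code: (7) Return Codes: (8, 8, 8)",
    "[10:05:09] R_datalib (IRRSDL00) error: profile for ring not found (8, 8, 84)",
    "[10:06:00] Server started",
    "[10:07:30] R_datalib (IRRSDL00) error: One or more updates could not be completed. Function code: (7) Return Codes: (8, 8, 44)",
]

if __name__ == "__main__":
    for cause, count in summarize(SAMPLE_LOG).items():
        print(f"{count}x {cause}")
```

Triples the page does not describe are reported as such rather than guessed at, so they can be looked up separately.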