This procedure describes how to configure a WebSphere Application Server
for z/OS cell to use file-based key stores instead of a SAF keyring,
similar to the distributed WebSphere Application Server environment.
Before you begin
A RACF certificate must already exist.
About this task
The following steps change CellDefaultSSLSettings and
NodeDefaultSSLSettings to point to the file-based key stores instead
of the SAF keyring for the cell and for the node or nodes under the cell.
Procedure
- Create new cell key stores to point to the keystore files.
You can use the existing CellDefaultKeyStore and CellDefaultTrustStore
to point to the keystore files instead of the SAF keyring. You can
also create a new CellDefaultKeyStore and CellDefaultTrustStore. In
the following steps, CellDefaultKeyStore1 and CellDefaultTrustStore1 are
created. The password for the keystore and truststore files is WebAS.
- Click Security > SSL certificate and key management
> Key stores and certificates.
- Click the New button to create a new keystore
and supply the name CellDefaultKeyStore1.
- Enter the file-based key store path /WebSphere/V6R1/DeploymentManager/profiles/default/etc/key.p12
- Supply the password.
- Click Apply/OK
- Click the New button to create a new truststore
and supply the name CellDefaultTrustStore1.
- Enter the file-based trust store path /WebSphere/V6R1/DeploymentManager/profiles/default/etc/trust.p12
- Supply the password.
- Click Apply/OK
- Click Security > SSL certificate and key management
- Under Related Items, click SSL configurations
- Configure the CellDefaultSSLSettings to the new key stores.
- Click CellDefaultSSLSettings. Under
General properties, use the selection arrow in the Trust store name
and Key store name boxes to select the appropriate key store and trust
store.
- For the Trust store name selection box, select CellDefaultTrustStore1.
- For the Key store name selection box, select CellDefaultKeyStore1.
- Click Security > SSL certificate and key management
> Key stores and certificates. Verify that CellDefaultKeyStore1 and CellDefaultTrustStore1 have
the proper paths.
- Click Apply/OK
- Create new node key stores to point to the keystore files.
You can use the existing NodeDefaultKeyStore and NodeDefaultTrustStore
to point to the keystore files instead of the SAF keyring. You can
also create a new NodeDefaultKeyStore and NodeDefaultTrustStore. In
the following steps, NodeDefaultKeyStore1 and NodeDefaultTrustStore1 are
created. The password for the keystore and truststore files is WebAS.
- Click Security > SSL certificate and key management
> Key stores and certificates.
- Click the New button to create a new keystore
and supply the name NodeDefaultKeyStore1.
- Enter the file-based key store path /WebSphere/V6R1/DeploymentManager/profiles/default/etc/key.p12
- Supply the password.
- Click Apply/OK
- Click the New button to create a new truststore
and supply the name NodeDefaultTrustStore1.
- Supply the password.
- Click Apply/OK
- Click Servers > Application servers > server1 .
- Under Server security, click Server security > CSIv2
inbound transport > SSL configurations > CellDefaultSSLSettings.
- Under Related items, click Key stores and certificates
> NodeDefaultKeyStore. The path will be the following: /WebSphere/V6R1/DeploymentManager/profiles/default/etc/key.p12
- Under Related items, click Key stores and certificates
> NodeDefaultTrustStore. The path will be the following: /WebSphere/V6R1/DeploymentManager/profiles/default/etc/trust.p12
- Configure the NodeDefaultSSLSettings to the new key stores
- Click Servers > Application servers > server1 .
- Under Server security, click Server security > CSIv2
inbound transport > SSL configurations
- Click NodeDefaultSSLSettings. Under
General properties, use the selection arrow in the Trust store name
and Key store name boxes to select the appropriate key store and trust
store.
- For the Trust store name selection box, select NodeDefaultTrustStore1.
- For the Key store name selection box, select NodeDefaultKeyStore1.
- Click Apply/OK
Results
You have successfully configured file-based key stores in
a WebSphere Application Server for z/OS cell.
What to do next
Your z/OS cell can now use file-based key stores.
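To confirm the result outside the console, the following added example (not IBM's code and not part of the original procedure) audits an exported security configuration and reports any store behind CellDefaultSSLSettings or NodeDefaultSSLSettings that still resolves to a SAF keyring. The XML element and attribute names, the `KS_n` ids and the keyring name are assumptions modelled on a WebSphere security.xml; the sample is constructed.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"
# Constructed sample; element and attribute names are assumptions modelled on
# a WebSphere security.xml. The node key store was deliberately left on SAF.
SAMPLE = """<Security xmlns:xmi="http://www.omg.org/XMI">
 <repertoire alias="CellDefaultSSLSettings">
  <setting keyStore="KS_3" trustStore="KS_4"/></repertoire>
 <repertoire alias="NodeDefaultSSLSettings">
  <setting keyStore="KS_1" trustStore="KS_5"/></repertoire>
 <keyStores xmi:id="KS_1" name="NodeDefaultKeyStore"
  location="safkeyring:///WASKeyring"/>
 <keyStores xmi:id="KS_3" name="CellDefaultKeyStore1"
  location="/WebSphere/V6R1/DeploymentManager/profiles/default/etc/key.p12"/>
 <keyStores xmi:id="KS_4" name="CellDefaultTrustStore1"
  location="/WebSphere/V6R1/DeploymentManager/profiles/default/etc/trust.p12"/>
 <keyStores xmi:id="KS_5" name="NodeDefaultTrustStore1"
  location="/WebSphere/V6R1/DeploymentManager/profiles/default/etc/trust.p12"/>
</Security>"""

ALIASES = ("CellDefaultSSLSettings", "NodeDefaultSSLSettings")

def audit_ssl_configs(xml_text, aliases=ALIASES):
    """Return (alias, role, problem) tuples for stores not on a .p12 file."""
    root = ET.fromstring(xml_text)
    stores = {ks.get(XMI_ID): ks for ks in root.iter("keyStores")}
    configs = {r.get("alias"): r.find("setting") for r in root.iter("repertoire")}
    findings = []
    for alias in aliases:
        setting = configs.get(alias)
        if setting is None:
            findings.append((alias, "-", "SSL configuration not found"))
            continue
        for role in ("keyStore", "trustStore"):
            ks = stores.get(setting.get(role))
            if ks is None:  # dangling or missing reference to a store
                findings.append((alias, role, "unresolved key store reference"))
                continue
            loc = ks.get("location", "")
            if loc.lower().startswith("safkeyring:"):
                findings.append((alias, role, "%s is still a SAF keyring" % ks.get("name")))
            elif not loc.lower().endswith(".p12"):
                findings.append((alias, role, "%s has unexpected path %s" % (ks.get("name"), loc)))
    return findings

if __name__ == "__main__":
    for finding in audit_ssl_configs(SAMPLE):
        print(finding)
```

An empty result means both SSL configurations resolve their key store and trust store to file-based .p12 paths.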