[Updated in February 2012]

Configuring file-based key stores in WebSphere Application Server for z/OS cell

This procedure describes how to configure a WebSphere Application Server for z/OS cell to use file-based key stores instead of a SAF keyring, similar to the distributed WebSphere Application Server environment.

Before you begin

A RACF certificate must already exist.

About this task

The following steps change the CellDefaultSSLSettings and NodeDefaultSSLSettings to point to the file-based key stores instead of the SAF keyring for the cell and for the node or nodes under the cell.

Procedure

  1. Create new cell key stores to point to the keystore files. You can use the existing CellDefaultKeyStore and CellDefaultTrustStore to point to the keystore files instead of the SAF keyring, or you can create a new CellDefaultKeyStore and CellDefaultTrustStore. In the following steps, CellDefaultKeyStore1 and CellDefaultTrustStore1 are created. The password for the keystore and truststore files is WebAS.
    1. Click Security > SSL certificate and key management > Key stores and certificates.
    2. Click the New button to create a new keystore and supply the name CellDefaultKeyStore1.
    3. Enter the file-based key store path: /WebSphere/V6R1/DeploymentManager/profiles/default/etc/key.p12
    4. Supply the password.
    5. Click Apply/OK
    6. Click the New button to create a new truststore and supply the name CellDefaultTrustStore1.
    7. Enter the file-based trust store path: /WebSphere/V6R1/DeploymentManager/profiles/default/etc/trust.p12
    8. Supply the password.
    9. Click Apply/OK
  2. Click Security > SSL certificate and key management
  3. Under Related Items, click SSL configurations
  4. Configure the CellDefaultSSLSettings to the new key stores.
    1. Click CellDefaultSSLSettings. Under General properties, use the selection arrow in the Trust store name and Key store name boxes to select the appropriate key store and trust store.
      • For the Trust store name selection box, select CellDefaultTrustStore1.
      • For the Key store name selection box, select CellDefaultKeyStore1.
  5. Click Security > SSL certificate and key management > Key stores and certificates. Verify that CellDefaultKeyStore1 and CellDefaultTrustStore1 have the proper paths.
  6. Click Apply/OK
  7. Create new node key stores to point to the keystore files. You can use the existing NodeDefaultKeyStore and NodeDefaultTrustStore to point to the keystore files instead of the SAF keyring, or you can create a new NodeDefaultKeyStore and NodeDefaultTrustStore. In the following steps, NodeDefaultKeyStore1 and NodeDefaultTrustStore1 are created. The password for the keystore and truststore files is WebAS.
    1. Click Security > SSL certificate and key management > Key stores and certificates.
    2. Click the New button to create a new keystore and supply the name NodeDefaultKeyStore1.
    3. Enter the file-based key store path: /WebSphere/V6R1/DeploymentManager/profiles/default/etc/key.p12
    4. Supply the password.
    5. Click Apply/OK
    6. Click the New button to create a new truststore and supply the name NodeDefaultTrustStore1.
    7. Supply the password.
    8. Click Apply/OK
    9. Click Servers > Application servers > server1.
    10. Under Server security, click Server security > CSIv2 inbound transport > SSL configurations > CellDefaultSSLSettings.
    11. Under Related items, click Key stores and certificates > NodeDefaultKeyStore. The path will be the following: /WebSphere/V6R1/DeploymentManager/profiles/default/etc/key.p12
    12. Under Related items, click Key stores and certificates > NodeDefaultTrustStore. The path will be the following: /WebSphere/V6R1/DeploymentManager/profiles/default/etc/trust.p12
  8. Configure the NodeDefaultSSLSettings to the new key stores
    1. Click Servers > Application servers > server1.
    2. Under Server security, click Server security > CSIv2 inbound transport > SSL configurations
    3. Click NodeDefaultSSLSettings. Under General properties, use the selection arrow in the Trust store name and Key store name boxes to select the appropriate key store and trust store.
      • For the Trust store name selection box, select NodeDefaultTrustStore1.
      • For the Key store name selection box, select NodeDefaultKeyStore1.
  9. Click Apply/OK

Results

You have successfully configured file-based key stores in a WebSphere Application Server for z/OS cell.

What to do next

Your z/OS cell can now use file-based key stores.
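
A post-configuration check, added here as an example and not part of the IBM procedure: with key.p12 and trust.p12 in place of a SAF keyring, the private key is protected by the file's permission bits and the store password rather than by RACF keyring profiles. The function names are hypothetical, and leaving group access unflagged is an assumption about how the server identities reach the files.

```python
import os
import stat

PROCEDURE_PASSWORD = "WebAS"        # password the procedure above uses
STORE_FILES = ("key.p12", "trust.p12")


def audit_store(path):
    """Return findings about the permission bits of one store file."""
    try:
        st = os.stat(path)
    except OSError:
        return ["%s: missing or not readable by this user" % path]
    if not stat.S_ISREG(st.st_mode):
        return ["%s: not a regular file" % path]
    mode = stat.S_IMODE(st.st_mode)
    # Group access is not flagged: assumption that the server identities
    # reach the file through a shared configuration group.
    if mode & stat.S_IRWXO:
        return ["%s: accessible to other users (mode %03o)" % (path, mode)]
    return []


def audit_cell(etc_dir, password):
    """Audit key.p12 and trust.p12 under etc_dir plus the store password."""
    try:
        dir_mode = stat.S_IMODE(os.stat(etc_dir).st_mode)
    except OSError:
        return ["%s: directory missing or not readable" % etc_dir]
    findings = []
    if dir_mode & stat.S_IWOTH:
        # A writable directory lets another user replace the store files.
        findings.append("%s: directory is writable by other users" % etc_dir)
    for name in STORE_FILES:
        findings.extend(audit_store(os.path.join(etc_dir, name)))
    if password == PROCEDURE_PASSWORD:
        findings.append("store password is still WebAS, as in the procedure")
    return findings


if __name__ == "__main__":
    # Directory taken from the procedure; pass the password actually in use.
    etc = "/WebSphere/V6R1/DeploymentManager/profiles/default/etc"
    for line in audit_cell(etc, PROCEDURE_PASSWORD):
        print(line)
```

An empty result means neither file is open to other users and the store password differs from the one shown in the steps.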




Last updated: Aug 31, 2013 12:02:36 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-zos&topic=tsec_config_fb_zos
File name: tsec_config_fb_zos_cell.html

