Creating Secure Sockets Layer digital certificates and System Authorization Facility keyrings that applications can use to initiate HTTPS requests
You can create Secure Sockets Layer (SSL) digital certificates and System Authorization Facility (SAF) keyrings that applications can use to initiate HTTPS requests.
About this task
If you use keystores and trust stores in a Hierarchical File System (HFS), a file name uniquely identifies the file within the file system.
Procedure
Results
Note:
Consider that:
- The repertoire type that is pointed to by the SSLConfig definition
must be a Java™ Secure Socket Extension (JSSE)
repertoire. This repertoire can be configured to refer to:
- Java Key Store (JKS) key store and trust store files in an HFS file
- SAF keyrings such as RACFJSSESettings
- The scope of the repertoire definition depends upon the type of
repertoire. For example:
- When the repertoire refers to a SAF keyring, the keyring must be owned by the MVS user ID of process that uses it. The customization jobs create keyrings that are owned by the WebSphere Application Server for z/OS controller started task user ID. WebSphere Application Server web services clients run using the user ID of the WebSphere Application Server for z/OS servant region's started task user ID. This means that you must create a new keyring to be owned by the servant region's user ID. This user ID is used by WebSphere Application Server web services clients even if you specify an existing SSL repertoire.
- When the repertoire refers to an HFS file, all processes can share the key stores. If you use key stores and trust stores in an HFS, a file name uniquely identifies the file within the file system.
Some digital certificate and keyring management is required to edit and use the sslConfig property, which is one of the user-definable ibm-webservicesclient-bnd.xmi assembly properties. .