CA Web Viewer 12.1 Export Certificate from RACF Keyring

Document ID : KB000129578
Last Modified Date : 15/03/2019
Show Technical Document Details
Introduction:
How to export a certificate from a RACF keyring associated with CCISSL and import it into  a matching ,jks certificate file for CA Output Management Web Viewer for USS. 

An System SSL Trace showed this error. SSLHandshakeException General SSLEngine problem 
 
Environment:
IBM RACF
Common Services CCISSL 14.1
Common Services Tomcat
System SSL
CA Output Management Web Viewer for USS

 
Instructions:
  1. Issue this RACF command:
    RACDCERT EXPORT(LABEL('labelname')) CERTAUTH DSN(data-set-name) FORMAT(CERTDER)
  2.  Using binary mode copy 'data-set-name' to ....../CA_OM_Web_Viewer/NMVS/config/trust.cer
  3.  In TSO OMVS, enter these commands:
    1. cd ....../CA_OM_Web_Viewer/NMVS/config/
    2. export PATH=$PATH:/usr/lpp/java/J8.0_64/bin    (for example)
    3. keytool -importcert -keystore truststore.jks -storepass your_password -trustcacerts -noprompt -file trust.cer -v
  4. A new file truststore.jks file will be created and contain the CA certificate as a trusted cert entry.
  5. In CCIClient.properties, specify these lines, add if needed:
    1.  SSL.TrustStore=truststore.jks
    2. SSL.TrustStorePassword=your_password (your_password is the -storepass entry specified in the keytool command)
  6. Restart Tomcat