How to Configure the CCISSL settings in the ConfigTool for CA Output Management Web Viewer 12.1?

Document ID : KB000042598
Last Modified Date : 11/01/2019
Show Technical Document Details
Introduction:

How to Configure SSL for CCI in the ConfigTool for CA Output Management Web Viewer 12.1?


 

    Instructions:

    Run the ConfigTool and select CCI Settings.  
    Config Tool Settings:
    • [CCI <Common Communications Interface> Server]
          Specify the name or IP address of LPAR where CCISSL is running
    • [CCI <Common Communications Interface> Port]
          Specify the port CCISSL is listening on (check the output of the CCISSL task to find this information.)
    • [CCI <Common Communications Interface> Client System ID]
           Enter an 8 character name for the Web Viewer server that is unique in the first 8 characters.  This is not a network name.  It is a label name that you create.
    • [CCISSL SSLConnection]
        Select Defer decision to use SSL to host
    • Test and Save

    Manual Settings:

    Then if you are going to be using CCISSL with TLS V1.2 and certificates, edit the CCIClient.properties file and update the following fields:
    • SSL.ForceSecureTransport=[0|1]

              “0” (zero) for no, “1” for yes.
     Enabling this option also forces on the option for Force secure connection from Client to Host. Requires end-to-end SSL for all CCI requests, including routing across hosts. This indicates that SSL is required by the Client. If the Server does not support SSL, the connection request fails. This setting is applicable if the target CCI server is on a different LPAR than the referenced DRAS tasks. If DRAS the tasks are on a different LPAR, SSL.ForceSecureTransport=1 requires SSL between CCI tasks on a different LPAR; otherwise, the connection fails.
    The default setting is “0”.
    • SSL.Protocol=[SSLv3|TLSv1]

    This protocol setting must be compatible with the mainframe CCISSL task's setting for PROT. The default setting is “TLSv1”.

    • SSL.SSLPPATH=config

    Do not edit. This will resolve to $CAOMWV12_HOME/config.
     

    • SSL.SSLKeyWord=

    This is the password for KeyStore file and (if applicable) the private certificate password. If you are using a client end user certificate, the KeyStore password must match the private key password. 
    Note: This field supports plain text and encrypted passwords.  The CA OM Web Viewer configuration tool (when available) will encrypt this value.

     









     
    Additional Information:
    You must have apar RO78064 DRAS UNAVAILABLE ERROR WITH SSL BUILD 78 FOR SOCKET CLOSURE or higher applied to use SSL with CCI.  If you do not have this maintenance applied, you will not see the parameters listed above.  Please apply the latest build to make sure that you have all the needed maintenance applied.

    How to locate the latest build (maintenance) for CA Output Management Web Viewer 12.1?