I am trying to Configure the CA Web Administrator Server to Use SSL when communicating with the browser with Certificates that were GENCERT Using the z/OS Security Manager, How do I configure the server.xml file to point to the certificates?

Document ID : KB000014944
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

I am trying to Configure the CA Web Administrator Server to Use SSL when communicating with the browser with Certificates that were GENCERT Using the z/OS Security Manager, How do I configure the server.xml file to point to the certificates?

Answer:

After generating the certificate with a z/OS Security Manager or when using an existing certificate in a z/OS Security Manager database, export the server certificate and its associated private key to an MVS data set. for example:

ACF
EXPORT SITECERT.WEBADM1 DSNAME('WEBADM1.export.cert') FORMAT(PKCS12DER) PASSWORD(storepass)

Copy the MVS data set to a z/OS UNIX file using the TSO/E OPUT command. We recommend that you specify an absolute pathname here, for example: /u/WebAdmin/cert/.

TSO
oput 'WEBADM1.export.cert' '/u/WebAdmin/cert/webcert' binary

To configure the CA Web Administrator server to use SSL when communicating with the browser, you must edit the server.xml file. This file is located in the conf directory within the CA Web Administrator installation directory. For example:

Replace:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
          maxThreads="150" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS" />

With:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
          maxThreads="150" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS"
          keystoreFile="/u/WebAdmin/cert/webcert"
           keystorePass="storepass"
          keystoreType="pkcs12" />