This step involves using FTP to transfer the signed personal
certificate from the server to the client machine, then using ikeyman
to create a Java™ keystore (jks)
file where the certificate is then stored.
ikeyman is provided as part of the Java Runtime Environment.
- Transfer the personal certificate to your Client machine using
either an FTP client or the command line.
In the previous task,
you specified FORMAT(CERTB64) to ensure that the certificate was stored
in ASCII. You must therefore specify ASCII when you transfer the certificate
using FTP, for example:
C:\CICSTG>ftp server
Connected to server.company.com
User (server.company.com:(none)): name
331 Send password please. Password: 230 name is logged on.
Working directory is "/u/directory".
ftp> asc
200 Representation type is Ascii NonPrint
ftp> get 'CTGUSER.PERSONAL.CERT'
200 Port request OK. 125 Sending data set CTGUSER.PERSONAL.CERT 250
Transfer completed successfully.
ftp: 976 bytes received in 0.02Seconds 61.00Kbytes/sec.
ftp> quit
Rename 'CTGUSER.PERSONAL.CERT' to client.personal.cert.arm
- Create a Java keystore file
on your Client machine using ikeyman. To start ikeyman, go to the
directory containing ikeyman and double-click the ikeyman exe file
for example:
C:\Program Files\IBM\Java60\jre\bin\ikeyman.exe
- From the ikeyman main menu select Key Database File > New.
- From the New dialog, click the Key database type list
then select file type JKS.
- In the File name field enter the name of
the Java keystore file that
you want to create (in this scenario the file name is myclientkeyring.jks)
- Click OK to confirm.
- Because you are creating a new Java keystore
file, the Password prompt dialog now prompts
you to provide a password. Enter a password into the Password and Confirm
password fields (in this scenario the password is mypassword).
- Click OK to confirm.
- Import the personal certificate from the file into the Java keystore file.
- Click the downward arrow and select Signer certificates from
the list.
- Click Add and specify the filename and
location of the file that you transferred to the client. This imports
the server personal certificate from the file into the Java keystore file.
- Click OK.
- Enter a label for the certificate in the Enter a label dialog.
The label provides a way of identifying the certificate but is not
used during security processing. This scenario used "cics tg racf
server certificate".
- Click OK. This imports the server personal
certificate from the file that you transferred to the client, into
the Java keystore file.