To complete this task, you use FTP to transfer the signed
personal certificate from the CICS server to the client machine, then
use iKeyman to create a Java™ keystore
(jks) file where the certificate is stored.
iKeyman is installed in:
- <install_path>\jvm17\bin on Windows
- <install_path>/jvm17/bin on UNIX and Linux
- Transfer the personal certificate to your Client machine using
an FTP client. Alternatively, you can issue FTP commands on the command
line.
In Configuring SSL server authentication on the CICS server, you specified
FORMAT(CERTB64) to ensure that the certificate was stored in ASCII.
You must therefore specify ASCII when you transfer the certificate
using FTP. The following example shows the FTP commands required to
transfer the certificate, and the associated system responses:
C:\ftp server
Connected to server.company.com
User (server.company.com:(none)): name
331 Send password please.
Password: xxx
name is logged on.
Working directory is "/u/directory".
ftp> asc
Representation type is Ascii NonPrint
ftp> quote site recfm=vb
SITE command was accepted
ftp> get 'CTGUSER.PERSONAL.CERT'
Port request OK.
125 Sending data set CTGUSER.PERSONAL.CERT
Transfer completed successfully.
ftp> quit
You have to specify the site recfm=vb FTP
command because the server certificate is stored in a variable blocked
data set.
- Rename CTGUSER.PERSONAL.CERT to personalcert.arm.
- Start iKeyman on your Client machine.
- Create a new Java keystore file:
  - From the iKeyman main menu, select Key Database File > New.
  - From the New dialog, click the Key database type list,
    then select the file type JKS.
  - In the File name field, enter the name of the Java keystore file that
    you want to create. In this scenario the file name is ctgclientkeyring.jks.
  - Click OK. Because you are creating a new Java keystore file, the Password
    prompt dialog now prompts you to provide a password.
    Enter a password into the Password and Confirm
    password fields. In this scenario the password is MyPassword.
  - Click OK.
- Import the personal certificate personalcert.arm from the data
set into the Java keystore file:
  - Click the arrow and select Signer certificates from the list.
  - Click Add and specify the file name and
    location of the file that you transferred to the client (in this scenario
    personalcert.arm).
  - Click OK.
  - In the Enter a label dialog, enter a label
    for the certificate. The label identifies the certificate but is not
    used during security processing. This scenario uses the label
    cics tg racf server certificate.
  - Click OK. The server personal certificate
    is imported from the data set that you transferred to the client,
    into the Java keystore file.
You have now configured SSL server authentication on the client.
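A check that can be run on the transferred file before it is added to the Signer certificates list, given here as an added example that is not part of the original documentation: it confirms that the file arrived as intact ASCII base64 and returns a SHA-256 fingerprint to compare with a value obtained independently from the server side. The function names, the constructed sample data, and the use of cp037 to represent a binary-mode transfer of EBCDIC data are assumptions.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_total_length(der: bytes) -> int:
    """Return the encoded size of the outer DER SEQUENCE (header plus body)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE: file is not a certificate")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_transferred_cert(raw: bytes) -> str:
    """Validate a CERTB64 file fetched over FTP; return its SHA-256 fingerprint."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII bytes: transfer was probably not in ASCII mode")
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no BEGIN/END CERTIFICATE armor found")
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        raise ValueError("base64 body is corrupt")
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return hashlib.sha256(der).hexdigest()

def make_sample():
    """Constructed stand-in (zero-filled SEQUENCE), not a real certificate."""
    der = b"\x30\x82\x01\x00" + bytes(256)
    pem = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode("ascii")
           + "-----END CERTIFICATE-----\n")
    # Assumption: cp037 stands in for the host EBCDIC code page of a binary-mode get.
    return der, pem.encode("ascii"), pem.encode("cp037")

if __name__ == "__main__":
    der, good, bad = make_sample()
    print("ASCII transfer :", check_transferred_cert(good))
    try:
        check_transferred_cert(bad)
    except ValueError as err:
        print("binary transfer:", err)
```

To check the real file, pass the bytes of personalcert.arm to check_transferred_cert instead of the constructed sample.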