IBM Support

How to make server certificates available to Host On-Demand clients for JSSE TLS support

Question & Answer


Question

How do you make the server certificates available to Host On-Demand clients for JSSE TLS support?

Cause

CustomizedCAs.jks is a new file that Host On-Demand (HOD) clients use for JSSE TLS support.

Answer

Follow these steps to make a server certificate available to HOD clients that connect to a TN3270 server over a JSSE TLS connection.

  1. For a self-signed certificate, extract the certificate to a Base64-encoded .arm file or a binary .der file. For well-known certificate authorities, you will need to add the root certificate and any intermediate certificates provided by the Certificate Authority that signs your requested certificate.
  2. Start the IBM Certificate Management utility.
    • On a Windows server, click Start > Programs > IBM Rational Host On-Demand > Administration > Certificate Management.
    • On an AIX or Linux server, start the Certificate Management Utility from the console (command line) by going to /opt/IBM/HostOnDemand/bin, then entering the command ./CertificateManagement &.
  3. If the CustomizedCAs.jks file does not exist, follow these steps to create it:
    1. Click Key Database File > New
    2. In the Key database type listbox, select JKS
    3. In the File Name field, type CustomizedCAs.jks.
    4. In the Location field, type the fully qualified path of the Host On-Demand publish directory, or another location if the file is to be transferred to another HOD server.
    5. When prompted, enter hodpwd as the password for the new CustomizedCAs.jks file.
    6. Click OK.
  4. If the CustomizedCAs.jks file exists, open it. The password must be hodpwd.
  5. Expand the listbox that is located above the white display area and select Signer Certificates.
  6. Click Add.
  7. In the Certificate file name field, type the name of the file containing the certificate, such as cert01.arm, or browse to the file.
  8. In the Location field, type the path of the subdirectory where the certificate file is located.
  9. When prompted, enter a label for the certificate and click OK.
  10. Verify that the label of the certificate now appears in the list of Signer Certificates.
  11. Click Key Database File, then Close to close the file.
  12. If the HOD server is on a different platform or machine, copy the CustomizedCAs.jks file to the publish directory of the HOD server.
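
A check for the finished file before it goes into the publish directory, as an added example that is not IBM's code: it reads the JKS container directly, verifies the integrity hash with the hodpwd password, and confirms that every entry is a signer certificate and none is a private key entry. It assumes the Certificate Management utility writes the standard JKS version 2 layout; `audit_truststore` and `build_sample` are hypothetical names, and the sample keystore is constructed.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # constant mixed into the JKS integrity hash

def _digest(password, body):
    # SHA-1 over the password (2 bytes per char), the whitener, then the store body
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()

def audit_truststore(data, password="hodpwd"):
    """Return {label: SHA-256 of certificate}; raise ValueError on any problem."""
    body, stored = data[:-20], data[-20:]
    if _digest(password, body) != stored:
        raise ValueError("integrity hash mismatch: wrong password or modified file")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != JKS_MAGIC or version != 2:
        raise ValueError("not a JKS version 2 keystore")
    pos, certs = 12, {}

    def field(fmt):  # read one length-prefixed field (">H" or ">I" length)
        nonlocal pos
        (size,) = struct.unpack_from(fmt, body, pos)
        start = pos + struct.calcsize(fmt)
        pos = start + size
        return body[start:pos]

    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        pos += 4
        label = field(">H").decode("utf-8")
        pos += 8  # skip the creation timestamp
        if tag != 2:  # 2 = trusted certificate, 1 = private key entry
            raise ValueError(f"entry {label!r} is not a signer certificate")
        field(">H")  # certificate type string, normally "X.509"
        certs[label] = hashlib.sha256(field(">I")).hexdigest()
    return certs

def build_sample(entries, password="hodpwd"):
    """Constructed test input: JKS bytes from [(tag, label, cert_bytes)]."""
    body = struct.pack(">III", JKS_MAGIC, 2, len(entries))
    for tag, label, blob in entries:
        name = label.encode("utf-8")
        body += struct.pack(">IH", tag, len(name)) + name + struct.pack(">Q", 0)
        if tag == 2:
            body += struct.pack(">H5sI", 5, b"X.509", len(blob)) + blob
        else:  # private key entry: key blob followed by an empty chain
            body += struct.pack(">I", len(blob)) + blob + struct.pack(">I", 0)
    return body + _digest(password, body)
```

For a real file, pass `open("CustomizedCAs.jks", "rb").read()` to `audit_truststore` and compare the returned labels and fingerprints with the certificates you added in steps 6 through 10.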


Document Information

Modified date:
02 August 2018

UID

swg21960399