Step 1

Create a Certificate Authority (CA) certificate and private key using the following RACDCERT command:
 


<pre>
RACDCERT CERTAUTH GENCERT +
   SUBJECTSDN(CN('Certificate Authority') +
      OU('Security') +
      O('Company Name, Inc.') +
      C('US')) +
   NOTAFTER(DATE(2030-01-01)) +
   KEYUSAGE(HANDSHAKE CERTSIGN) +
   WITHLABEL('Company CA')
</pre>

Change the subject and label names to meet local requirements.
 

Step 2

Create a certificate for the Universal Broker STC and sign it with the CA certificate created in Step 1 using the following RACDCERT command:
 


<pre>
RACDCERT ID(UBRUSR) GENCERT +
   SUBJECTSDN(CN('broker.company.com') +
      OU('Operations') +
      O('Company Name, Inc.') +
      C('US')) +
   KEYUSAGE(HANDSHAKE) +
   WITHLABEL('Broker') +
   SIGNWITH(CERTAUTH LABEL('Company CA'))
</pre>

Change the subject and label names to meet local requirements. The subject's Common Name (CN) value should uniquely identify this instance of the broker in the enterprise.
 

Step 3

Create a certificate key ring for the user profile UBRUSR with the following RACDCERT command:
 


<pre>
RACDCERT ID(UBRUSR) ADDRING(BROKER)
</pre>

 

Step 4

Connect the CA certificate and the Universal Broker certificate to the key ring with the following RACDCERT command:
 


<pre>
RACDCERT ID(UBRUSR) CONNECT(CERTAUTH LABEL('Company CA') +
   RING(BROKER))
RACDCERT ID(UBRUSR) CONNECT(LABEL('Broker') RING(BROKER) DEFAULT)
</pre>

Change the labels to match the values used in previous steps.
 

Step 5

If the resource profile IRR.DIGTCERT.LISTRING in the FACILITY class is not defined, define it with the following RDEFINE command:
 


<pre>
RDEFINE FACILITY (IRR.DIGTCERT.LISTRING) UACC(NONE)
</pre>

 

Step 6

Permit the Broker user profile UBRUSR READ access to the RACF profile IRR.DIGTCERT.LISTRING in the FACILITY class using the following PERMIT command:
 


<pre>
PE IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(UBRUSR) ACCESS(READ)
</pre>

 

Step 7

Modify the Universal Broker configuration member UBRCFG00 as follows:
 


<pre>
ssl_implementation   system
saf_key_ring        BROKER
</pre>

 

Step 8

The CA certificate must be distributed to the remote systems from which Universal Agent managers are executed. The managers must be configured with the CA certificate in their list of Trusted CA certificates using the CA_CERTIFICATES configuration option.
 
Export the CA certificate from the RACF database into a data set in PEM (base64) format with the following RACDCERT command:
 


<pre>
RACDCERT CERTAUTH EXPORT (LABEL('Company CA')) +
   DSN(TEST.CA.CERT) FORMAT(CERTB64)
</pre>

 
Change the label to match the value used in previous steps.
 
The tsoprefix.TEST.CA.CERT data set contains a PEM-formatted certificate. PEM is a text format that transfers safely across the network in text mode.
 
Note that the CA private key is not exported. The CA certificate does not contain any private data.