Portal | Manuals | References | Downloads | Info | Programs | JCLs | Mainframe wiki | Quick Ref
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Profile Log in to check your private messages Log in
 
CICS & IPCONN install issue with SSL and a public certif

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> CICS
View previous topic :: :: View next topic  
Author Message
Eyal.ma

New User


Joined: 05 May 2013
Posts: 5
Location: Israel

PostPosted: Tue May 28, 2013 1:35 pm    Post subject: CICS & IPCONN install issue with SSL and a public certif
Reply with quote

Hello.

I am try to connect two CICS with SSL.
We have a working IPCONN connection, and want to add to it the SLL using client/server certificates.

What we did was create two certificates, one for each CICS. We created the rings, defined them in the CICS, and each side exported the certificate to the other and imported. We did that before in CICS version 3.2 (we had other issues than), and we are now at version 4.2 (other side is 4.1).

So each system has its private and public keys, and the public of the other side.

We defined the TCPIPService on each system
SSL = YES
Certificate = Local server certificate name
We defined the IPCONN on each system
SSL = YES
Certificate = Remote server public certificate we imported
Linkauth = Secuser
Userauth = Identify
Securityname = Username running on each side.

On the CICS 4.1 system, the install of the IPCONN is fine.
On the CICS 4.2 system, the install gives and error:
DFHAM4889E Install of IPCONN ___ failed because CERTIFICATE (remote system certificate) is invalid.
DFHAM4928E Install of IPCONN ___ failed because the specified certificate deos not have a private key.

The remote system has exported their certificate as they always do. We imported it using the racf command as we did before:
RACDCERT ID (cics user) ADD(file) TRUST

I'm trying to figure out what I am doing wrong.
As far as I know, I don't need to get the private of the remote system, and the IPCONN is supposed to use the client certificate.
This is according to the guides I was able to find online and what I could figure out from the CICS to CTG example in the cics documentation.

Any help will be appreciated icon_smile.gif

Cheers.
Back to top
View user's profile Send private message

View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> CICS All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts Is CICS BMS logic on z/OS different ... Andi1982 CICS 2 Fri Dec 01, 2017 1:56 pm
No new posts How to get complete URL from CICS Con... mbattu CICS 1 Tue Nov 14, 2017 11:59 pm
No new posts Integrating CICS applications craig2020 CICS 1 Sun Oct 29, 2017 6:49 pm
No new posts SIGNAL ON HALT issue packerm CLIST & REXX 1 Fri Oct 20, 2017 6:56 pm
No new posts ASP3 ABEND IN CICS Vedant CICS 0 Fri Oct 20, 2017 3:18 pm

Facebook
Back to Top
 
Job Vacancies | Forum Rules | Bookmarks | Subscriptions | FAQ | Polls | Contact Us