Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

CICS & IPCONN install issue with SSL and a public certif

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> CICS
View previous topic :: :: View next topic  
Author Message
Eyal.ma

New User


Joined: 05 May 2013
Posts: 5
Location: Israel

PostPosted: Tue May 28, 2013 1:35 pm    Post subject: CICS & IPCONN install issue with SSL and a public certif
Reply with quote

Hello.

I am try to connect two CICS with SSL.
We have a working IPCONN connection, and want to add to it the SLL using client/server certificates.

What we did was create two certificates, one for each CICS. We created the rings, defined them in the CICS, and each side exported the certificate to the other and imported. We did that before in CICS version 3.2 (we had other issues than), and we are now at version 4.2 (other side is 4.1).

So each system has its private and public keys, and the public of the other side.

We defined the TCPIPService on each system
SSL = YES
Certificate = Local server certificate name
We defined the IPCONN on each system
SSL = YES
Certificate = Remote server public certificate we imported
Linkauth = Secuser
Userauth = Identify
Securityname = Username running on each side.

On the CICS 4.1 system, the install of the IPCONN is fine.
On the CICS 4.2 system, the install gives and error:
DFHAM4889E Install of IPCONN ___ failed because CERTIFICATE (remote system certificate) is invalid.
DFHAM4928E Install of IPCONN ___ failed because the specified certificate deos not have a private key.

The remote system has exported their certificate as they always do. We imported it using the racf command as we did before:
RACDCERT ID (cics user) ADD(file) TRUST

I'm trying to figure out what I am doing wrong.
As far as I know, I don't need to get the private of the remote system, and the IPCONN is supposed to use the client certificate.
This is according to the guides I was able to find online and what I could figure out from the CICS to CTG example in the cics documentation.

Any help will be appreciated icon_smile.gif

Cheers.
Back to top
View user's profile Send private message

View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> CICS All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts CICS to Webservices safexc CICS 1 Sun Jan 22, 2017 5:49 pm
No new posts CICS transaction slow response time vasanthz All Other Mainframe Topics 3 Thu Jan 19, 2017 1:31 am
No new posts Execessive parameter issue Sumeendar JCL & VSAM 5 Mon Dec 19, 2016 4:35 pm
No new posts INDEPENDENT CICS TS 4.1 MRO REGION UP... Kyle Carroll CICS 0 Wed Dec 14, 2016 6:55 pm
No new posts CICS START AND CANCEL blayek CICS 1 Wed Dec 07, 2016 3:27 am


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us