- Installation and Configuration Guide
- Configure External Authentication Providers
- Configure IBM RACF Authentication Providers
- Configure SSL Between STA and RACF
Configure SSL Between STA and RACF
Install the MVS security certificate on the STA server and import it into the systemwide Java keystore.
- Verify that the required PTFs have been installed on the MVS system. These PTFs allow for authentication with RACF or other third-party security software when you log in to the STA application. See Review IBM RACF Mainframe Minimum Requirements for details.
- Obtain the following files:
- MVS server certificate, in ASCII format
- STA client private key, in binary PKCS12 format; the MVS system administrator should give you the password to this file.
- Transfer the files to the STA server, and place them in the certificates directory. The directory location is as follows:
/
Oracle_storage_home
/Middleware/user_projects/domains/TBI/certwhere
Oracle_storage_home
is the Oracle storage home location specified during STA installation. - Convert the certificate from Distinguished Encoding Rules (DER) format to Privacy Enhanced Mail (PEM) format. For example:
$ openssl pkcs12 -clcerts -in PKCS12DR.xxxxxx -out mycert.pem
Where:
pkcs12
indicates PKCS#12 data management.-clcerts
indicates you want to output client certifications only.-in
specifies the input file.-out
specifies the output file.
You will be asked to enter the import password (given to you with the certificate), a new PEM password, and password verification.
- Change to the JRE binary directory. The directory location is as follows:
/
Oracle_storage_home
/StorageTek_Tape_Analytics/jdk/jre/binwhere
Oracle_storage_home
is the Oracle storage home location specified during STA installation.For example:
$ cd /Oracle/StorageTek_Tape-Analytics/jdk/jre/bin
- Use the Java keytool utility to import the certificate file into the systemwide Java keystore. The keystore is located in the following file:
/
Oracle_storage_home
/StorageTek_Tape_Analytics/jdk1.6.0_xx
/jre/lib/security/cacertsFor example:
$ ./keytool -importcert -alias tbiServer -file mycert.pem -keystore /Oracle/StorageTek_Tape_Analytics/jdk1.6.0_75/jre/lib/security/cacerts -storetype jks
Where:
-importcert
indicates you want to import a certificate.-alias
indicates the name you want to assign to the entry in the keystore.-file
indicates the name of the certificate file you want to import.-keystore
indicates the location of the systemwide Java keystore.-storetype
indicates the type of keystore.