For testing SSL functionality between IOAGATE and Control-M/EM and Control-M Configuration Manager, install the demo certificates provided by Control‑M/EM and by IOA.
Note: The sample certificates are for demonstration purposes only and must not be used in a production environment.
The following sample members are provided with the IOA installation in the SAMPLE library:
To enable SSL on the Control-M/EM side:
For more information about the CmsCommMode parameter, see the "Control‑M/EM" sub-section in the "SSL communication parameters" section in the "Preparing to use SSL" chapter in the Control-M SSL Guide.
To enable SSL on the INCONTROL side:
This step is needed because RACDCERT must be provided with the demo certificates in a sequential VB file.
The SAMPLE job CERTCOPY is listed below:
//COPYCERT JOB (ACCOUNT),'PGMR',NOTIFY=&SYSUID
//IEBGENER EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSUT1 DD DISP=SHR,DSN=IOAP.V900.SAMPLE(CERTCA)
//SYSUT2 DD DISP=(,CATLG),DSN=IOA.CERTCA.DEMO
// RECFM=VB,LRECL=84,BLKSIZE=27998,
// UNIT=3390,SPACE=(TRK,(1,1))
//SYSIN DD DUMMY
//*
//IEBGENER EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSUT1 DD DISP=SHR,DSN=IOAP.V900.SAMPLE(CERTGATE)
//SYSUT2 DD DISP=(,CATLG),DSN=IOA.CERTGATE.DEMO
// RECFM=VB,LRECL=84,BLKSIZE=27998,
// UNIT=3390,SPACE=(TRK,(1,1))
//SYSIN DD DUMMY
RACDCERT CERTAUTH ADD('IOA.CERTCA.DEMO') TRUST WITHLABEL('CACERT')
GATEUSER is assumed to be the RACF USERID of IOAGATE. Replace all occurrences of GATEUSER in the sample commands below with the actual IOAGATE user ID.
RACDCERT ID(GATEUSER) ADD('IOA.CERTGATE.DEMO') TRUST WITHLABEL('IOAGATE') PASSWORD('abcd1234')
RACDCERT ID(GATEUSER) ADDRING(IOAGATERING)
RACDCERT ID(GATEUSER) CONNECT(CERTAUTH LABEL('CACERT') RING(IOAGATERING)USAGE(CERTAUTH))
RACDCERT ID(GATEUSER) CONNECT(ID(GATEUSER) LABEL('IOAGATE') RING(IOAGATERING))
Parent Topic |