Using demo certificates for IOAGATE with Control-M

For testing SSL functionality between IOAGATE and Control-M/EM and Control-M Configuration Manager, install the demo certificates provided by Control‑M/EM and by IOA.

Note: The sample certificates are for demonstration purposes only and must not be used in a production environment.

The following sample members are provided with the IOA installation in the SAMPLE library:

• CERTGATE - Demo certificate for IOAGATE, including a private/public key pair signed by the demo certificate authority that is included in the demo key database of Control-M/EM and Control-M Configuration Manager.
• CERTCA - Demo certificate of the above demo certificate authority.
• CERTCOPY - Sample job for copying the demo certificates to a sequential variable blocked (VB) file.

To enable SSL on the Control-M/EM side:

1. In the Control-M Configuration Manager, choose Tools => System Configuration=> Control-M/EM System Parameters=> Advanced=> CmsCommMode
2. Set the CmsCommMode parameter to auto.

For more information about the CmsCommMode parameter, see the "Control‑M/EM" sub-section in the "SSL communication parameters" section in the "Preparing to use SSL" chapter in the Control-M SSL Guide.

To enable SSL on the INCONTROL side:

1. Copy the CERTCA and CERTGATE sample members to sequential files using the CERTCOPY sample job.

   This step is needed because RACDCERT must be provided with the demo certificates in a sequential VB file.

   The SAMPLE job CERTCOPY is listed below:

//COPYCERT  JOB (ACCOUNT),'PGMR',NOTIFY=&SYSUID          

//IEBGENER EXEC PGM=IEBGENER                             

//SYSPRINT DD SYSOUT=*                                   

//SYSUT1 DD DISP=SHR,DSN=IOAP.V900.SAMPLE(CERTCA)        

//SYSUT2 DD DISP=(,CATLG),DSN=IOA.CERTCA.DEMO            

//       RECFM=VB,LRECL=84,BLKSIZE=27998,                

//       UNIT=3390,SPACE=(TRK,(1,1))                     

//SYSIN DD DUMMY                                         

//*                                                      

//IEBGENER EXEC PGM=IEBGENER                             

//SYSPRINT DD SYSOUT=*                                   

//SYSUT1 DD DISP=SHR,DSN=IOAP.V900.SAMPLE(CERTGATE)      

//SYSUT2 DD DISP=(,CATLG),DSN=IOA.CERTGATE.DEMO          

//       RECFM=VB,LRECL=84,BLKSIZE=27998,                

//       UNIT=3390,SPACE=(TRK,(1,1))                     

//SYSIN DD DUMMY                                         

1. Import the CA certificate:

   RACDCERT CERTAUTH ADD('IOA.CERTCA.DEMO') TRUST WITHLABEL('CACERT')

2. Import IOAGATE's certificate:

   GATEUSER is assumed to be the RACF USERID of IOAGATE. Replace all occurrences of GATEUSER in the sample commands below with the actual IOAGATE user ID.

   RACDCERT ID(GATEUSER) ADD('IOA.CERTGATE.DEMO') TRUST WITHLABEL('IOAGATE') PASSWORD('abcd1234')

3. Define a key ring for IOAGATE:

   RACDCERT ID(GATEUSER) ADDRING(IOAGATERING)

4. Connect the certificates to IOAGATE's keyring:

   RACDCERT ID(GATEUSER) CONNECT(CERTAUTH LABEL('CACERT') RING(IOAGATERING)USAGE(CERTAUTH))

   RACDCERT ID(GATEUSER) CONNECT(ID(GATEUSER) LABEL('IOAGATE') RING(IOAGATERING))