Topic
  • 9 replies
  • Latest Post - ‏2013-12-17T15:17:23Z by Hsieh
Hsieh
Hsieh
693 Posts

Pinned topic RDB v8.5.1 support CTGClient with SSL

‏2013-11-29T21:32:02Z |

Hi Folks,

My customer like to work CTGClient with SSL (certificate), is it possible ? 

and how to  install the certificate on RBD or somewhere ?

1. Scenario RDB Debug using ctgclient;

2. Scenario deploy to WAS using ctgclient;

Thanks !

Hsieh

  • markevans
    markevans
    3025 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-03T00:24:25Z  

    Hsieh,

    For now, take a look at ctgKeyStore in the linkage table.     I know it was put in to support CTG SSL.   This in relation to the CICS CTG documentation might give you the answer.

    I will try to do more tomorrow.

     

  • Hsieh
    Hsieh
    693 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-03T11:15:35Z  
    • markevans
    • ‏2013-12-03T00:24:25Z

    Hsieh,

    For now, take a look at ctgKeyStore in the linkage table.     I know it was put in to support CTG SSL.   This in relation to the CICS CTG documentation might give you the answer.

    I will try to do more tomorrow.

     

    Hi Mark,

    Thanks for reply ! 

    But I'm not sure the ctgKeyStore is the solution.  For this, I need to install CTG Server on desktop and config with tool IKEYMAN.exe.

    I was searching in preferences and I found a option in Preferences >> Remote Systems >> SSL to add SSL Security Certificate.

    Please, could you confirm ?

    Thanks !

    Regards,  Hsieh

  • markevans
    markevans
    3025 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-03T23:05:18Z  
    • Hsieh
    • ‏2013-12-03T11:15:35Z

    Hi Mark,

    Thanks for reply ! 

    But I'm not sure the ctgKeyStore is the solution.  For this, I need to install CTG Server on desktop and config with tool IKEYMAN.exe.

    I was searching in preferences and I found a option in Preferences >> Remote Systems >> SSL to add SSL Security Certificate.

    Please, could you confirm ?

    Thanks !

    Regards,  Hsieh

    Hsieh,

    Unfortunately this is not something I have setup so can't tell you all the details.  I don't think that preference is something RBD uses... in fact I did not find it in the RBd list of preferences.  Maybe this is for RDz and the remote systems explorer.

    Anyway, I found this section on configuring SSL under the CTG for z/OS infocenter.  It seems there are some tools in HFS so you should be able to create what you need under HFS. 

    http://pic.dhe.ibm.com/infocenter/cicstgzo/v8r0/topic/com.ibm.cics.tg.zos.doc/ctgzos/secconf.html

    So, I would suggest seeing if you can use "server authentication" and then generate a keystore that you can define in the EGL linkage table.

    good luck.

  • Hsieh
    Hsieh
    693 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-16T11:54:53Z  
    • markevans
    • ‏2013-12-03T23:05:18Z

    Hsieh,

    Unfortunately this is not something I have setup so can't tell you all the details.  I don't think that preference is something RBD uses... in fact I did not find it in the RBd list of preferences.  Maybe this is for RDz and the remote systems explorer.

    Anyway, I found this section on configuring SSL under the CTG for z/OS infocenter.  It seems there are some tools in HFS so you should be able to create what you need under HFS. 

    http://pic.dhe.ibm.com/infocenter/cicstgzo/v8r0/topic/com.ibm.cics.tg.zos.doc/ctgzos/secconf.html

    So, I would suggest seeing if you can use "server authentication" and then generate a keystore that you can define in the EGL linkage table.

    good luck.

    Hi Mark,

    Sorry for delay for response.  I was cjeck with cics admin about this.

    The help guide is poor, please could say, if the linkage option parm is fullpath + ctgKeyStore file name ?

    Thanks !

    Hsieh

  • markevans
    markevans
    3025 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-16T13:03:00Z  
    • Hsieh
    • ‏2013-12-16T11:54:53Z

    Hi Mark,

    Sorry for delay for response.  I was cjeck with cics admin about this.

    The help guide is poor, please could say, if the linkage option parm is fullpath + ctgKeyStore file name ?

    Thanks !

    Hsieh

    Hsieh,

    I am not sure what you are asking??  Can you try asking it a different way?

    Thanks.

  • Hsieh
    Hsieh
    693 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-16T13:11:31Z  
    • markevans
    • ‏2013-12-16T13:03:00Z

    Hsieh,

    I am not sure what you are asking??  Can you try asking it a different way?

    Thanks.

    Mark,

    On the linkage option field parm to ctgKeyStore, I must type fullpath and ctgKeyStore file name, correct ?

    i.e. C:\ctgclient\ctgssl.jks

    :-)

    Hsieh

  • markevans
    markevans
    3025 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-16T16:33:15Z  
    • Hsieh
    • ‏2013-12-16T13:11:31Z

    Mark,

    On the linkage option field parm to ctgKeyStore, I must type fullpath and ctgKeyStore file name, correct ?

    i.e. C:\ctgclient\ctgssl.jks

    :-)

    Hsieh

    Hsieh,

    Unfortunately, I am not sure.  So far, I have not been able to find out more detail.

    I would suggest you try it with the fullpath keeping in mind that sometimes you need to either make the path c:/ctgclient/filename or c:\\ctgclient\\filename to get it recognized.

    A CTG trace might show you what is/is not working if it fails with the fullpath specified.

    I will ask around some more..but thought I would go ahead and respond to this.

  • markevans
    markevans
    3025 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-17T13:48:57Z  
    • markevans
    • ‏2013-12-16T16:33:15Z

    Hsieh,

    Unfortunately, I am not sure.  So far, I have not been able to find out more detail.

    I would suggest you try it with the fullpath keeping in mind that sometimes you need to either make the path c:/ctgclient/filename or c:\\ctgclient\\filename to get it recognized.

    A CTG trace might show you what is/is not working if it fails with the fullpath specified.

    I will ask around some more..but thought I would go ahead and respond to this.

    Hsieh,

    I checked with our tester and developer and the full path/filename is what we specify in the linkage table.

    And they noted that you needed to use forward slash ("/") for the separators not a backward slash.  

    Take care.

    Mark

  • Hsieh
    Hsieh
    693 Posts

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-17T15:17:23Z  
    • markevans
    • ‏2013-12-17T13:48:57Z

    Hsieh,

    I checked with our tester and developer and the full path/filename is what we specify in the linkage table.

    And they noted that you needed to use forward slash ("/") for the separators not a backward slash.  

    Take care.

    Mark

    Good News !  Mark.

    Thanks a lot.

    Hsieh