IBM Support

PH49253: CICS - SUPPORT KEYRINGS OWNED BY DIFFERENT USERIDS

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • This APAR will update the KEYRING system initialization
parameter to accept keyrings owned by other users.  This
includes specific userids as well as the special *AUTH* and
*SITE* users.

The format will be USERID/Ring.Name

Virtual keyrings can be used by specifying a ring name of a
single asterisk (*).

For example;

 USERID/ring.name
 USERID/*

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All CICS users.                              *
****************************************************************
* PROBLEM DESCRIPTION: CICS only supports the use of KEYRINGs  *
*                      that are owned by the region userid.    *
****************************************************************
CICS only supports the use of KEYRINGs that are owned by the
region userid.  This can make management of keyrings more
difficult when the same certificates need to be used by multiple
CICS regions, each with their own region userid.  This also
prevents CICS from being able to use the system virtual
keyrings containing all the CA certificates or all the SITE
certificates.

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • CICS has been updated to allow the KEYRING SIT parameter to
specify the following format of values:

  *
  ring.name
  USERID/*
  USERID/ring.name

This includes support for the system virtual keyrings that
contain the set of CA certificates (*AUTH*) and the set of SITE
certificates (*SITE*).

The CICS documentation has been updated to remove references to
the previous restriction.

    



APAR Information




    

  • APAR number
    PH49253
    • 

  • Reported component name
    CICS TS Z/OS V5
    • 

  • Reported component ID
    5655Y0400
    • 

  • Reported release
    200
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    YesSpecatt / New Function / Xsystem
    • 

  • Submitted date
    2022-09-05
    • 

  • Closed date
    2023-03-30
    • 

  • Last modified date
    2023-04-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
PH49261 UI91196 UI91197
    

    • 



Modules/Macros


    

  • DFHXSCT  DFHXSIS

    



Fix information


    

  • Fixed component name
    CICS TS Z/OS V5
    • 

  • Fixed component ID
    5655Y0400
    • 



Applicable component levels


    

  • R200  PSY  UI91197
       UP23/03/31  P  F303   
    • 

  • R300  PSY  UI91196
       UP23/03/31  P  F303   
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 April 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback