IBM Support

Create a zAware Certificate

How To


Summary

The following document describes the steps to generate a certificate from a certificate authority (CA). IBM zAware ships with a self-signed certificate. It is recommended that you replace the self-signed certificate with a certificate from a certificate authority. This document assumes that the appropriate root and intermediate certificates are installed in the browser.

Steps

1. Logon to the zAware GUI with the ADMIN userid.
2. Generate a signing certificate.                                                                                 

       Expand Administration

       Select Configuration

       Select the <Security> Tab

       Click <Generate Certificate Signing Request>

image-20190416134554-1

3.  Enter values for the following fields:                                                                                                 

  • Common name 
  • Organization 
  • Organization unit
  • Locality
  • State or province
  • Postal code
  • Country Code

For example, we used the following values:

Common name = <redacted>

Organization = IBM

Organization unit = zAware

Locality = Poughkeepsie

State or province = New York

Postal code = <left blank>

Country Code = US

image-20190416134554-2

Click <Generate>

You will get the following screen:

image-20190416134554-3

4. Copy and paste the certificate request into a file on your PC called zAware.cert.request (we are using this file name as an example), including the ---BEGIN and END--- statements:           

-----BEGIN CERTIFICATE REQUEST-----

MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQwwCgYDVQQK

DANJQk0xHTAbBgNVBAMMFGFxYXdhcmUxLnBvay5pYm0uY29tMIIBIjANBgkqhkiG

oj2E6YTn5pco8ivTfrinT145G84feqRVpbxiLw6QjRQ=

-----END CERTIFICATE REQUEST-----

5. Input/upload the certificate request to your CA.    

                                                                             

6. Download the CA issued certificate.                                                                                                  

Note: We downloaded the CA issued certificate as a pkcs7b (public-key cryptography standards – PKCS #7) file; which requires additional processing, see step 7.

7. Extract the certificates.                                                                                                          

a. FTP the file to a system where you can issue the openssl command with the pkcs7 option.
b. Use following openssl command to extract the certificates:

openssl pkcs7 -in zAware.cert.issued.pem -print_certs -out zAware.cert.issued.out

The above command will extract the issued, intermediate and root certificates into one file, in the above example, called zAware.cert.issued.out.

c. If needed, FTP the file (zAware.cert.issued.out) to your PC.  We did this, just to keep a copy of the certificate on our local PC.

8. Logon to the zAware GUI with the ADMIN id and receive the certificate.                               

Go to Administration -> Configuration, then select Security

Click <Receive Certificate Request Reply>                                     

Copy and paste the contents of the zAware.cert.issued.out file (no need to remove the blank lines and do not add blanks or blank lines in between certificates, in other words, leave as-is).

Click <Receive>

9. Logout then login and you should see the new certificate in your browser. 

**Be aware, there is only support for 1 entry in the common name field, so if you attempt to access the zAware GUI with the IP address or another name, you will get the certificate pop-up error.

10. If you have the OMEGAMON – zAware connection, you will need to import the new certificate on the z/OS system, along with the root and/or intermediate CA certificate.

Document Location

Worldwide

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS55JD","label":"IBM Operations Analytics for z Systems"},"Component":"zAware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Document Information

Modified date:
22 April 2019

UID

ibm10881448

Page Feedback