Zowe is able to use PKCS12 certificates that are stored in USS. This certificate is used for encrypting TLS communication between Zowe clients and the Zowe z/OS servers, as well as intra z/OS Zowe server to Zowe server. Zowe uses a keystore directory to contain its external certificate, and a truststore directory to hold the public keys of servers it communicates with (for example z/OSMF).

Using USS PKCS12 certificates is useful for proof of concept projects using self signed certificates. For production usage of Zowe it is recommended to work with certificates held in z/OS keyrings. Working with z/OS keyrings may require system administrator privileges and working with your z/OS security team, so the self signed PKCS12 path is provided to assist with configuring and launching test and scratch Zowe instances.

When Zowe is launched, details for the PKCS12 certificate used are specified in the zowe.yaml section certificates. This contains information for the certificate name and its location, together with the truststore location.

The two most common scenarios for using a PKCS12 certificate are where you have been given an existing certificate and wish to configure Zowe to use it, or else you do not have a certificate and wish to generate a new one. The zwe init certificate command supports both scenarios. The input parameters that control certificate configuration are specified in the section Create a self signed PKCS12 certificate.

To assist with updating zowe.yaml, the values to generate a self signed PKCS12 certificate are included in the section beginning # > Certificate setup scenario 1.

The following zowe.yaml example will generate:

- A keystore directory /global/zowe/keystore specified in 12.directory.
- A certificate name (or alias) localhost specified in 12.name.
- A certificate authority name local_ca specified in .pkcs12.caAlias.