

Export Certificates from the gskkyman Database

If your FTP server uses the gskkyman key database as the FTP key ring, export the certificate from the gskkyman database and import it to the Java JKS key store. Doing so allows CA CSM to use the same certificate as the FTP server uses.

Follow these steps:

  1. Create a copy of the cacerts file at JAVA_HOME/lib/security/ to use as the CA CSM key store.

    Note: The cacerts file is the default JKS certificates file that IBM Java ships with. The cacerts file contains several root Certificate Authority certificates and is typically used to prime any new JKS key store.

  2. Use the gskkyman utility to export the appropriate Certificate Authority certificate from the FTP key ring file in binary ASN.1 DER format.

    Note: For more information about the gskkyman utility, see the z/OS Cryptographic Services System Secure Sockets Layer Programming.

  3. Use the Java keytool utility to import the Certificate Authority certificate into the key store that you created in Step 1. Use the following command:
    keytool -import -trustcacerts -file /path_to_exported_ca_certificate \
      -keystore /path_to_copy_jks_cacerts/file_name

    The utility prompts you to make the imported CA trusted and to enter the key store password. The initial password of the cacerts file that is shipped with Java is changeit.

  4. Set up a secure FTP connection for deployment.
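
Steps 1 to 3 as one script, added here as an example and not taken from the CA CSM documentation. It checks that the exported file really is a complete binary DER object before handing it to keytool; the function names, the alias argument and the file paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: paths, alias and function names are assumptions.

# der_cert_ok FILE
# Succeeds only if FILE is one binary DER SEQUENCE whose encoded length
# matches the file size. Rejects Base64 exports and truncated transfers.
der_cert_ok() {
    f=$1
    [ -r "$f" ] || return 1
    size=$(wc -c < "$f" | tr -d ' ')
    set -- $(od -An -tx1 -N4 "$f")        # first four bytes as hex words
    [ $# -eq 4 ] || return 1
    [ "$1" = 30 ] || return 1             # 0x30 = ASN.1 SEQUENCE tag
    case $2 in
        82) want=$(( 4 + 0x$3 * 256 + 0x$4 )) ;;  # two length octets follow
        81) want=$(( 3 + 0x$3 )) ;;               # one length octet follows
        *)  return 1 ;;                           # not a plausible certificate
    esac
    [ "$size" -eq "$want" ]
}

# import_ca EXPORTED_CA KEYSTORE_COPY ALIAS
import_ca() {
    ca=$1; ks=$2; label=$3
    # Step 1: work on a copy of cacerts, never on the shipped file itself.
    [ -f "$ks" ] || cp "$JAVA_HOME/lib/security/cacerts" "$ks" || return 1
    # Step 2 check: the gskkyman export must be intact binary DER.
    der_cert_ok "$ca" || { echo "$ca: not a complete binary DER file" >&2; return 1; }
    # Step 3: keytool prompts for the key store password and trust confirmation.
    keytool -import -trustcacerts -alias "$label" -file "$ca" -keystore "$ks" || return 1
    # Show the imported entry so subject, issuer and validity can be reviewed.
    keytool -list -v -alias "$label" -keystore "$ks"
}

# Run only when called with the three arguments; otherwise just define functions.
if [ $# -eq 3 ]; then import_ca "$@"; fi
```

Because the copy still carries the shipped changeit password, run keytool -storepasswd -keystore on it after the import to set a new one.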