How to Implement CAISDI › Configure CAISDI/soap › Step 6: Set Up SSL

Step 6: Set Up SSL

If you do not plan to use the Secured Socket Layer (SSL) for secured communications, then you may skip this step.

If you plan to use SSL for secured communications (HTTPS) between the mainframe CAISDI soap server and the CA Service Desk Web Server, you must obtain an SSL certificate and install it on the CA Service Desk Web Server. (Follow the appropriate procedures for your particular Web Server software.) An exported copy of the certificate must then be accessible to the CAISDI/soap server in either of two methods:

• Have the certificate stored in an SAF keyring file that is controlled by your security system (CA Top Secret, CA ACF2, or IBM's RACF). The certificate is given a name that can be used by CAISDI/soap server to retrieve the certificate. For information on installing a certificate in a SAF keyring, see the appropriate SAF documentation.
• Have the certificate stored in an HFS key database. If you choose this method, you will also need a “stash” file to contain the password to the key database. For information on installing a certificate in an HFS key database and stash file, see the IBM z/OS Manual System Secure Sockets Layer Programming.

The user ID associated with the CAISDI/soap server address space must have access to either the HFS files or the SAF keyring. The configuration file must be set up to identify either the HFS key database (and stash file) or the SAF keyring (Step 7 that follows).

Step 6 is complete when the SSL certificate is installed and HFS keyring database or a SAF keyring authorization correctly configured.