CAICCI Configuration › CAICCI Tasks › Additional Configuration Tasks for CAICCI › Copy CCIP12

Copy CCIP12

Keep in mind the following items before you copy CCIRTARM.

• This is a sample exported key and certificate (a PKCS#12 file) that can be imported into the IBM System SSL key database CCISSL and CCISSLGW use as their End-User certificate.
• This key/certificate is only to allow the CCISSL and CCISSLGW servers to run out of the box.
• An authenticating CA (Certificate Authority) certificate must also be present on the remote client side of the SSL connection (the PC or other machines, such as mainframes or UNIX) for the server certificate to be accepted as valid by the client.
• The PC installation already has this authenticating CA certificate within its Certificate Authority file (cciroot.pem in directory C:\CA_APPSW), so using CCIP12 allows an SSL connection by the PC.
• Having CCIRTARM imported into the key database or keyring as a Certificate Authority certificate also allows an SSL connection from any PCs or remote CAICCI hosts that are using the sample cci.pem or CCIP12 certificates as their End-User certificates.
• You can generate your own SSL certificates. Ensure that a copy of the Certificate Authority that has signed your generated certificate is within the cciroot.pem file in directory C:\CA_APPSW and also in your mainframe key database.

Follow these steps:

1. Copy CCIP12 from the CAW0OPTN data set using binary transfer to an HFS file on your mainframe where CCISSL or CCISSLGW is executing.
2. Store the file on the HFS as cci.p12. For example, issue the TSO command: OPUT YourdeployHLQ.CAW0OPTN(CCIP12) '/etc/cci.p12' BINARY
3. If you are using an HFS key database, use the System SSL utility (gskkyman) to import the key/certificate file CCIP12 into the SSL key database.

   If you are using a z/OS key database, consult your security software documentation or your security administrator for the import process.