CAICCI Configuration › CAICCI Tasks › Additional Configuration Tasks for CAICCI › Copy CCIP12

Copy CCIP12

Keep the following items in mind before you copy CCIRTARM.

• This is a sample exported key and certificate (a PKCS#12 file) that can be imported into IBM's System SSL key database to be used by CCISSL and CCISSLGW as their End User certificate.
• This key/certificate is only to allow the CCISSL and CCISSLGW servers to run out of the box.
• As discussed previously, an authenticating CA (Certificate Authority) certificate must also be present on the remote client side of the SSL connection (the PC or other machines, such as mainframes or UNIX) for the server certificate to be accepted as valid by the client.
• The PC install already has this authenticating CA certificate within its Certificate Authority file (cciroot.pem in directory C:\CA_APPSW), so using CCIP12 will allow an SSL connection by the PC.
• Having CCIRTARM imported into the key database or keyring as a Certificate Authority certificate will also allow an SSL connection from any PCs or remote CAICCI hosts that are using the sample cci.pem or CCIP12 certificates as their End User certificates.
• You can and probably will prefer to generate your own SSL certificates. Ensure that a copy of the Certificate Authority that has signed your generated certificate is within the cciroot.pem file in directory C:\CA_APPSW and also in your mainframe key database.

To copy CCIP12

1. Copy CCIP12 from the CAW0OPTN data set using binary transfer to an HFS file on your mainframe where CCISSL or CCISSLGW will be executing.
2. Store the file on the HFS as cci.p12. For example, issue the TSO command: OPUT YourdeployHLQ.CAW0OPTN(CCIP12) '/etc/cci.p12' BINARY
3. If you are using an HFS key database, use the System SSL utility (gskkyman) to import the key/certificate file CCIP12 into the SSL key database.

   If you are using a z/OS key database, consult your security software documentation or your security administrator for the import process.