Set up Zowe certificates using workflows
Set up Zowe certificates using workflows
Zowe uses certificates that are held in z/OS Keyring.
You can use four z/OSMF workflows that enable you to manage keyring setup, certificates, certificate sign requests and signatures, and load certificates to a keyring. Use the following workflows to set up certificates for Zowe in your environment:
- Set up a Zowe certificate and keyring using ZWEKRING.xml - The - ZWEKRING.xmlworkflow sets up a Zowe certificate and keyring. The workflow helps you set up the certificate and keyring and has the following features:- Generates a Zowe certificate that is signed by the Zowe local CA
- Imports an existing certificate that is held in z/OS to the keyring for Zowe
- Imports an external Zowe certificate from a data set in PKCS12 format
- Connects a z/OSMF certificate authority to the Zowe keyring
 - The workflow includes the steps that you can see on the following image:  - Based on the variable setup from the first step, the workflow can perform various certificate configurations and connect certificates to a keyring in RACF, TSS, and ACF2 security systems. 
- Create a certificate sign request (CSR) using ZWECRECR.xml - The - ZWECRECR.xmlworkflow creates a CSR request and has the following features:- Based on a variable setup, generates a certificate sign request. - You must define variables. 
- A CSR request is stored into a data set. Then the data set is automatically converted into a USS file. - You must specify the USS file path. - The workflow includes the steps that you can see on the following image:  
 - Note: You can find links to the specific security systems (BCM, IBM) official documentation in the instructions section of the workflow in related steps. 
- Sign a CSR request using ZWESIGNC.xml - The - ZWESIGNC.xmlworkflow signs a CSR request.- After the successful workflow execution, the certificate is signed by the specified certificate authority and is stored in USS. - The workflow includes the steps that you can see on the following image:  - Fill in the fields, that you can see on the following image, to sign a CSR request. Ensure that the workflow includes the following information: - A USS location path of the CSR file 
- A USS location path where a signed certificate is stored in pem format  
 
- Load the Signed Client Authentication Certificate into ESM using ZWELOADC.xml - The - ZWELOADC.xmlworkflow loads a signed client authentication certificate into a specific ESM under your ACID.- The workflow can load ASCII- or EBCDIC-encoded certificate into a data set. Then, based on the variable setup, the workflow loads the certificate into a specific ESM. - The workflow includes the steps that you can see on the following image: 