Can we have ARSMAINT connect to ARSSOCKD via SSL?
I already had a keyring and certificate created as per the other SSL on z/OS related post:
http://www.odusergroup.org/forums/index.php?topic=1938.0Note that the userid associated with the keyring is the same as the userid of the started task, in my case ARSSV950.
I have the following SSL parms in my ars.ini:
SSL_PORT=11449
SSL_KEYRING_FILE=ARSSOC95.SSLRING
SSL_KEYRING_LABEL=ARSSOC95.CERT
SSL_CLNT_USE_SSL=1
I ran the following batch job which updates statistics on the DB2
database. Be sure you do this on a test system if you use the -r parm!
//TMP1 EXEC PGM=IKJEFT01,
// DYNAMNBR=200
//SYSPROC DD DSN=SYS1.SBPXEXEC,DISP=SHR
//*
//SYSTSPRT DD SYSOUT=*
//*
//SYSTSIN DD *
oshell logger -d1 starting ARSMAINT run
oshell /usr/lpp/ars/V9R5M0/bin/arsmaint -I ARCH950 -r
oshell logger -d1 ending ARSMAINT run
//*
//STDENV DD *
_BPX_SHAREAS=YES
_BPX_BATCH_SPAWN=YES
/*
//OSHOUT1 DD SYSOUT=*,DCB=(RECFM=F,LRECL=255)
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
The first time I ran it I had REGION=7M on the job card and received:
ARS0000E Initialization of ICU for directory >/usr/lpp/ars/V9R5M0/locale/< failed - please ensure proper installation
I changed the JOB card to REGION=0M and this time I got the following on the z/OS console:
IEF196I IGD103I SMS ALLOCATED TO DDNAME SYS00036
ICH408I USER(ODADMIN ) GROUP(ODCMARS ) NAME(EDWARD ARNOLD )
IRR.DIGTCERT.LISTRING CL(FACILITY)
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
A quick trip to the google says I should run the following:
rdefine facility irr.digtcert.listring uacc (none)
permit irr.digtcert.listring class(facility) id(*) acc(read)
SETROPTS RACLIST(facility) REFRESH
Try again, still won't connect.
I received a suggestion to add a USER=ARSSV950 to the JOB card.
Eureka! It works.
If you're trying to see if you can use ARSMAINT via SSL, these instructions should be a good IVP.
Ed