Yes, SSH is setup. I used a PuTTY SSH session to run the configuration tools for OSMF. I agree, I should review all the RACF requirements that configuration created.
By CA the configuration does this. *Indicates whether (Y or N) the z/OSMF security setupshould include the creation of a Certificate Authority(CA). The CA is used to sign server certificates that areused for secure (SSL) communication between the user’sweb browser and the z/OSMF server. Y is the default.* On Wed, Sep 30, 2015 at 4:17 PM, Staller, Allan <[email protected]> wrote: > Has SSH already been set up? > > It is possible the specified encryption algorithm is not supported, > CSFSERV/DIGTCERT/DIGTRING classes are not active, permissions to > IRR.DIGTCERT.* resources in the facility class not defined/permitted. > > I am going through a setup of SSH and have hit all of the above issues in > the last couple of weeks. > There is a boatload of RACF work to be done to setup SSH and it all needs > to be correct. Check your system logs for ICH messages related to ZOSMF. > > > By CA, do you mean CA = "CERTIFICATE AUTHORITY" or CA= certificate > > *IF* CA = "CERTIFICATE AUTORITY" there is a whole chain of verifications > that are performed ending (I would expect) at a commercial Certificate > Authority such as VERISIGN. > > If CA= certificate ,you could try a self-signed certificate. > > HTH, > > > <snip> > Trying to start OSMF for the first time. It appeared that all the setup > ran cleanly. > > The first task starts up. > CWWKB0056I INITIALIZATION COMPLETE FOR ANGEL > > But the IZUSVR1 dies > > Launching zosmfServer (wlp-1.0.2.cl0220130714-1602/websphere-kernel_1.0.2) > on IBM J9 VM, version pmz6470-20110827_01 (en_US) > AUDIT ¨ CWWKE0001I: The server zosmfServer has been > launched. > > AUDIT ¨ CWWKG0010I: The server zosmfServer is shutting down because of a > previous initialization error. > AUDIT ¨ CWWKE0036I: The server zosmfServer stopped after 2.443 > seconds. > ERROR ¨ CWWKG0047E: An error occurred while attempting to verify a > configuration document: > file:/SYSTEM/etc/zosmf/servers/zosmfServer/server.xml, Hardware error from > call CSNDDSV returnCode 12 reasonCode 11060. > > FATAL ¨ CWWKG0044E: Server shutdown because a configuration document does > not contain a valid signature: > file:/SYSTEM/etc/zosmf/servers/zosmfServer/server.xml > > The documentation basically says something did work, fix it. During the > configuration I replied that I wanted a CA to be created. Has anyone seen > this error and point in the right direction? > I also don't get this Hardware error. > CWWKG0044E: Server shutdown because a configuration document does not > contain a valid signature: {0}. *Explanation* The designated configuration > document does not contain a valid signature, or a portion of the document > that is protected by the signature has been modified. This message is > preceded by an error message that provides more information on the specific > error in the document. *Action* Correct the error in the configuration > document that was identified in the preceding error message. > CWWKG0047E: An error occurred while attempting to verify a configuration > document: {0}, {1}. *Explanation* An exception was thrown while attempting > to verify that the designated configuration document contains a valid > signature. *Action* Correct the error in the configuration document that is > causing the exception to be thrown and then retry starting the server. > </snip> > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
