You can run a GSKSRVR SSL trace. There was a discussion on this list earlier about it. And you can go here: http://www-01.ibm.com/support/docview.wss?uid=swg21394697
-----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: Wednesday, August 23, 2017 5:09 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SSL with WebSphere and CICS Cross posted between RACF-L and IBM-MAIN: Good day to all, Before we submit a PMR to IBM, I wish to ask for help on these 2 discussion lists. My colleague successfully used WebSphere on LPAR A to access CICS on LPAR B using HTTP Server using Non-SSL connection. But when we enable SSL using the Certificate setup in RACF as per IBM's manuals like these redbook 'Securing CICS Web Services', 'Implementing CICS Web Services' and other books for WebSphere and CICS, ... we got a 'HTTP 403 'Forbidden' when we try to use https://<....>:3103/cics/... Same address with https changed to http is working 100% fine, fast and no problem at all. Note - CICS by itself is working 100% fine with the same certicates in RACF. It is only when we try to use WebSphere to connect CICS via HTTPS, we get problems. Scenario: CICS TS 4.2 on z/OS v2.1, WebSphere IBM HTTP Server V5R3M0 on z/OS v1.3 (Yes, I know it is out of support.) with WebSphere HTTP Plug-in for z/OS and OS/390 Version 6.0 build level 6.1.0.22. Question: Where can we see what is causing the message 'HTTP 403 Forbidden'? SYSLOG and STCs output scanning, RACF SMF scanning and looking in OMVS files and folders yielded nothing. Many thanks in advance. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ========================== This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and delete this e-mail from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
