Specify your key ring.
Add or update the following parameter in the configuration member:
<BMC_PARM VALUE="R_DATALIB">
<BMC_PARM
VALUE="userID/yourKeyRingLabel" />
</BMC_PARM>Specifying R_DATALIB for the SSL_STORE VALUE attribute indicates that the certificate is attached to a key ring.
SSL_CERTIFICATE specifies the label for the key ring that you created and its associated user ID (both of which are required for UIM to access the key ring). This value must be a user ID, followed by a forward slash ( / ), followed by the key ring label. No additional white spaces can be present.
Specify your private key.
Add or update the following parameter in the configuration member:
<BMC_PARM VALUE="ICSF">
<BMC_PARM
VALUE="yourPkdsLabel"/>
</BMC_PARM>
Specifying ICSF for the SSL_STORE VALUE attribute indicates that the private key associated with your certificate is stored in the ICSF Private Key Data Set (PKDS).
The SSL_PRIVATE_KEY VALUE attribute provides UIM with the unique identifier of the private key associated with your certificate. Specify the same PKDS label value that you used when creating the initial, self-signed version of your certificate. This value should be the same value you used during your ADD (for RACF) or INSERT (for ACF2) command.
Specify the UIM encryption level.
Add or update the following parameter in the configuration member:
<BMC_PARM VALUE="SSL-IF" />BMC recommends using the value SSL-IF. In this mode (SSL/TLS Conditional), UIM accepts both SSL-enabled and non-SSL-enabled connections.
Alternatively, you can specify SSL-REQUIRED, which runs UIM in SSL/TLS Required mode. In this mode, UIM rejects all connection attempts that are not SSL enabled. Consequently, any UIM URLs that you have accessed via a web browser become unavailable; only their equivalent URLs beginning with https:// will be available.
