SSL with CPSM

Documentation says:

"Ensure that the CICS region has access to the z/OS™ system SSL library SGSKLOAD by means of the STEPLIB or JOBLIB statements, or by using the system link library, as appropriate."

This library no longer exists - don't worry.

Create the RACF definitions.

Define new FACILITY class profiles as appropriate

  • RDEFINE FACILITY IRR.DIGTCERT.ADD UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.ADDRING UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.CONNECT UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.DELETE UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.GENCERT UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.GENREQ UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
  • RDEFINE FACILITY IRR.DIGTCERT.REMOVE UACC(NONE)
  • SETR RACLIST(FACILITY) REFRESH

Give access to the new FACILITY class profiles

  • PERMIT IRR.DIGTCERT.* CLASS(FACILITY) ID(CICSUSER) ACC(READ)
  • PERMIT IRR.DIGTCERT.CONNECT CLASS(FACILITY) ID(CICSUSER) ACC(CONTROL)
  • PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(CICSUSER) ACC(CONTROL)
  • PERMIT IRR.DIGTCERT.ADD CLASS(FACILITY) ID(CICSUSER) ACC(CONTROL)
  • SETR RACLIST(FACILITY) REFRESH
  • SETR RACLIST(DIGTCERT DIGTRING) REFRESH

Execute DFH£RING

  • EX 'SYS1.CICSTS31.SETA.SDFHSAMP(DFH£RING)' + 'CICS GUI wuiservername FORUSER(CICSUSER)'

Create self-signed certificate

  • RACDCERT ID(CICSUSER) - GENCERT SUBJECTSDN(CN('CICSWEB.Acme.CO.UK')) - SIZE(1024) - WITHLABEL('CICSWEB SERVER SELF SIGNED CERT')
  • RACDCERT ID(CICSUSER) - ADDRING(CICSWEB.SELFSIGNED.CERTIFICATE)
  • RACDCERT ID(CICSUSER) - CONNECT(LABEL('CICSWEB SERVER SELF SIGNED CERT') - RING(CICSWEB.SELFSIGNED.CERTIFICATE) - DEFAULT)

Minimum SIT parm change:

add KEYRING=Cics.Gui, (note: case sensitive)

  • TCPIPHOSTNAME(10.194.101.71)
  • TCPIPPORT(1951)
  • TCPIPSSL(YES)
  • TCPIPSSLCERT(GUI-WEB-SERVER) <-- MUST be uppercase apparently

Remember to use https://.... when attempting to access the WUI.
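A pre-flight check for the case-sensitivity point above, as an added example that is not part of the original notes: it reads the self-signed RACDCERT commands from this page (with their flattened continuation dashes) and reports when a KEYRING value does not exactly match a ring created by ADDRING, when the certificate label is not connected to that ring, or when the key is smaller than a policy floor. The function names, the exact-match treatment of labels and the 2048-bit floor are assumptions.

```python
import re

MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the page

# The page's RACDCERT commands, copied with their flattened "-" continuations.
PAGE_COMMANDS = [
    "RACDCERT ID(CICSUSER) - GENCERT SUBJECTSDN(CN('CICSWEB.Acme.CO.UK')) - "
    "SIZE(1024) - WITHLABEL('CICSWEB SERVER SELF SIGNED CERT')",
    "RACDCERT ID(CICSUSER) - ADDRING(CICSWEB.SELFSIGNED.CERTIFICATE)",
    "RACDCERT ID(CICSUSER) - CONNECT(LABEL('CICSWEB SERVER SELF SIGNED CERT') - "
    "RING(CICSWEB.SELFSIGNED.CERTIFICATE) - DEFAULT)",
]

def parse_racdcert(commands):
    """Return (ring names, {label: key bits}, [(label, ring)]) from command text."""
    rings, certs, connects = set(), {}, []
    for cmd in commands:
        cmd = re.sub(r"\s+-\s+", " ", cmd)  # drop continuation dashes only
        if m := re.search(r"ADDRING\(([^)]+)\)", cmd):
            rings.add(m.group(1))
        label = re.search(r"WITHLABEL\('([^']+)'\)", cmd)
        size = re.search(r"SIZE\((\d+)\)", cmd)
        if "GENCERT" in cmd and label:
            certs[label.group(1)] = int(size.group(1)) if size else None
        if m := re.search(r"CONNECT\(LABEL\('([^']+)'\)\s*RING\(([^)]+)\)", cmd):
            connects.append((m.group(1), m.group(2)))
    return rings, certs, connects

def check(commands, keyring, cert_label):
    """List mismatches between the RACF definitions and the CICS-side values."""
    rings, certs, connects = parse_racdcert(commands)
    findings = []
    if keyring not in rings:  # exact, case-sensitive comparison
        near = sorted(r for r in rings if r.lower() == keyring.lower())
        findings.append(f"KEYRING={keyring} differs only in case from {near[0]}"
                        if near else f"KEYRING={keyring} matches no ADDRING ring")
    if (cert_label, keyring) not in connects:
        findings.append(f"'{cert_label}' is not connected to ring {keyring}")
    for label, bits in certs.items():
        if bits is not None and bits < MIN_RSA_BITS:
            findings.append(f"'{label}' has a {bits}-bit key (< {MIN_RSA_BITS})")
    return findings

if __name__ == "__main__":
    for f in check(PAGE_COMMANDS, "cicsweb.selfsigned.certificate",
                   "CICSWEB SERVER SELF SIGNED CERT"):
        print("FINDING:", f)
```

The ring that DFH£RING builds is not in `PAGE_COMMANDS`, so checking `Cics.Gui` against these three commands reports it as undefined; feed the checker the commands that actually created the ring you name in KEYRING.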
