This section describes how to create a key ring in order to successfully connect with the Slack servers.
There are five steps required to correctly configure SAF for use by the Client Web Enablement Toolkit.
- Download the certificate of the CA (Certificate Authority) used by Slack
- Copy the certificate into the z/OS environment
- Add the CA certificate into SAF as TRUSTed
- Create a key ring for use by the Rexx exec
- Connect the CA certificate with the key ring
The commands here assume the use of RACF: see your SAF documentation if an alternative is used. All commands assume they are being executed under the userid that will execute the SLACK Rexx exec.
Determine the root CA (Certificate Authority) used by Slack and the certificate. You can determine this by visiting the Slack homepage using your browser and examining the CA certificate used.
At the time of writing, this is DigiCert and the root CA certificate in use has the name DigiCert Global Root CA. You can download the certificate from the DigiCert Trusted Root Authority Certificates page.
Save this binary-encoded CRT file onto your workstation.
FTP the CRT file from your workstation to a z/OS UNIX environment using binary mode transfer.
To validate the certificate in the z/OS UNIX environment, the following command will display the certificate details.
openssl x509 -in DigiCertGlobalRootCA.crt -inform der -text -nooutNow copy this DER-encoded certificate to a sequential data set:
tso OGET "'DigiCertGlobalRootCA.crt' 'hlq.SLACK.CRT' BINARY"Add the certificate into SAF as a TRUSTed Certificate Authority:
RACDCERT ADD('hlq.SLACK.CRT') CERTAUTH TRUST WITHLABEL('DigiCert Global Root CA')
Define a SAF key ring named SLACK for the current user:
RACDCERT ADDRING(SLACK)
Connect the newly-added certificate with the new key ring:
RACDCERT CONNECT(CERTAUTH LABEL('DigiCert Global Root CA') RING(SLACK))