Refactor certificate documentation - bring your own key ring #4903
base: docs-staging
Signed-off-by: MarkAckert <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
😺 Thank you for creating this PR! To publish your content to Zowe Docs, follow these required steps.
Need help? Contact the Doc Squad in the #zowe-doc Slack channel.
📁 The PR description is missing the file name(s) for the updated content. List all the files included in this PR so this information displays in our Zowe Docs GitHub Slack channel. If you have addressed this issue already, refresh this page in your browser to remove this comment.
Signed-off-by: MarkAckert <[email protected]>
anaxceron
left a comment
Lots of great doc, @MarkAckert, thank ya!
Left some comments, mostly about Zowe style. Some are suggestions/questions and not requests for edits, per se. You make the call.
| ## Next steps | ||
|
|
||
| After you select your applicable certificate configuration scenario and review the certificate configurate sample in the article [Certificate configuration scenarios](./certificate-configuration-scenarios.md), you can continue to [Configure Zowe Certificates](./configure-certificates.md). | ||
| After you select your applicable certificate configuration scenario, you can proceed to [Certificate configuration scenarios](./certificates-configuration-scenarios.md). |
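Review bot: The two versions of the "Next steps" sentence link to different file names, `./certificate-configuration-scenarios.md` in one and `./certificates-configuration-scenarios.md` in the other. Unless the file is renamed elsewhere in this PR, one of these paths does not resolve and the link will break in the published docs; confirm which name exists and use it here. The longer version also contains the typo "certificate configurate sample", which is worth not carrying forward if any of that wording is restored.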
Should we explain why the user can/should go to the config scenario article? Like: After blahblahblah, review Certificate configuration scenarios to determine the best setup for your site (or whatever).
Also, why should the user read this article if they've already decided on an "applicable certificate configuration scenario"? Wouldn't the article be redundant after they've made this decision? Not necessarily looking for a response, but want to make sure this sentence says what it's supposed to say.
I'll frame up why users should be here at the start of the article and I'll try finding better language in this sentence. In short: Users are reading this article and taking the questionnaire so they can decide which of the 5 Zowe-assisted certificate generation scripts (a.k.a. scenarios) they will follow in the next article.
|
|
||
| ## Review JCERACFKS Certificate Configuration | ||
|
|
||
| Details about the JCERACFKS certificates used when Zowe is launched are specified in the `zowe.yaml` section `zowe.certificate`. This section contains information about the certificate name, certificate keystore, and certificate truststore. Both the keystore and truststore will be z/OSMF key rings in this case. |
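Review bot: In the last sentence of the JCERACFKS paragraph, "z/OSMF key rings" is ambiguous. The paragraph is about the keystore and truststore that `zowe.certificate` points Zowe at when it launches, so a reader cannot tell whether this means key rings that belong to z/OSMF or key rings that Zowe uses to reach z/OSMF. Suggest stating whose key ring is meant, since that decides which user ID needs read access to it.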
Per Zowe docs style, we avoid future tense. Is it possible/accurate to say "Both the keystore and truststore are z/OSMF key rings in this case."
|
|
||
| Details about the JCERACFKS certificates used when Zowe is launched are specified in the `zowe.yaml` section `zowe.certificate`. This section contains information about the certificate name, certificate keystore, and certificate truststore. Both the keystore and truststore will be z/OSMF key rings in this case. | ||
|
|
||
| If you've used Zowe Assisted Certificate Setup with `--update-config`, the `zowe.certificate` section should be filled out correctly for you. If you did not use `--update-config`, or are bringing your own JCERACFKS certificates, then customize your `zowe.yaml` file's `zowe.certificate` section using this guide: |
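Review bot: `--update-config` is named in this sentence without the command it belongs to, so a reader who arrives here directly cannot tell what to run; name the full command once. "Should be filled out correctly for you" also leaves the reader with nothing to check: suggest telling them to confirm the certificate name, keystore and truststore values in `zowe.certificate` after the run, which are the three items the preceding paragraph says the section contains. The sentence ends with "using this guide:", so make sure the guide follows immediately in the rendered page.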
- why is this text blue?
- please spell out the contraction
- I don't see blue text in my current revision 👀
- complete
| ## Creating a PKCS12 keystore | ||
|
|
||
| Use can create PKCS12 certificates that are stored in USS. This certificate is used for encrypting TLS communication between Zowe clients and Zowe z/OS servers, as well as intra z/OS Zowe server to server communcation. Zowe uses a keystore directory to contain its external certificate, and a truststore directory to hold the public keys of servers it communicate with (for example z/OSMF). | ||
| Use can create PKCS12 certificates that are stored in USS. This certificate is used for encrypting TLS communication between Zowe clients and Zowe z/OS servers, as well as z/OS Zowe server to server communication. Zowe uses a keystore directory to contain its external certificate, and a truststore directory to hold the public keys of servers it communicate with (for example z/OSMF). |
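Review bot: The revised PKCS12 paragraph still opens with "Use can create" (should be "You can create") and still ends with "servers it communicate with" (should be "communicates"). The first two sentences also disagree in number: "PKCS12 certificates" is followed by "This certificate is used". One more wording point in the final sentence: the truststore is described as holding "the public keys of servers"; if what is stored there is the servers' certificates, say so, because that is what a reader will be importing.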
server-to-server
Signed-off-by: Martin Zeithaml <[email protected]>
Corrected typos in the documentation regarding certificate labels and names. Signed-off-by: Martin Zeithaml <[email protected]>
Fixed formatting issues in YAML examples and export messages. Signed-off-by: Martin Zeithaml <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
As part of the work we're doing in zowe/zowe-install-packaging#4238 and zowe/zowe-install-packaging#4652 for Zowe 3.5.0, we're refactoring documentation to lead users towards bringing their own certificates and key rings to Zowe, rather than leading them to running through our `init certificate` tool. As part of this work, I took the opportunity to re-organize some of the certificate documentation with the following goals:
Still to do: