25 changes: 9 additions & 16 deletions docs/appendix/zowe-security-glossary.md
Expand Up @@ -74,6 +74,7 @@ If you do not yet have certificates, Zowe can create self-signed certificates fo
- [Extended key usage](#extended-key-usage)
- [Hostname validity](#hostname-validity)
- [z/OSMF access](#zosmf-access)

### Extended key usage
Zowe server certificates must either not have the `Extended Key Usage` (EKU) attribute, or have both the `TLS Web Server Authentication (1.3.6.1.5.5.7.3.1)` and `TLS Web Client Authentication (1.3.6.1.5.5.7.3.2)` values present within.

Expand All @@ -88,29 +89,21 @@ The z/OSMF certificate is verified according to Zowe [Certificate verification s


## Certificate setup types
Whether importing or letting Zowe generate certificates, the setup for Zowe certificate automation and the configuration to use an existing keystore and truststore depends upon the content format: file-based (`PKCS12`) or z/OS key ring-based.
Zowe requires certificates in one of two formats: file-based (`PKCS12`) or z/OS key ring-based. If you are bringing your own previously defined certificates to Zowe, you can configure `zowe.certificate` with this information directly. If you are not bringing your own certificates, [Zowe can assist](../user-guide/certificates-configuration-scenarios.md) with certificate generation.

- [File-based (PKCS12) certificate setup](#file-based-pkcs12-certificate-setup)
- [z/OS key ring-based certificate setup](#zos-key-ring-based-certificate-setup)

### File-based (PKCS12) certificate setup

Zowe is able to use PKCS12 certificates that are stored in USS. Zowe uses a `keystore` directory to contain its certificates primarily in PKCS12 (`.p12`, `.pfx`) file format, but also in PEM (`.pem`) format. The truststore is in the `truststore` directory that holds the public keys and CA chain of servers which Zowe communicates with (for example z/OSMF).

### z/OS key ring-based certificate setup

Zowe is able to work with certificates held in a **z/OS Key ring**.
Generating PKCS12 certificate is covered in [Certificate configuration scenarios](../user-guide/certificates-configuration-scenarios.md), Scenarios 1 and 2.
Configuring PKCS12 certificates is covered in [Finalize certificate configuration](../user-guide/certificates-finalize-configuration.md).

The JCL member `.SZWESAMP(ZWEKRING)` contains security commands to create a SAF keyring. By default, this key ring is named `ZoweKeyring`. You can use the security commands in this JCL member to generate a Zowe certificate authority (CA) and sign the server certificate with this CA. The JCL contains commands for all three z/OS security managers: RACF, TopSecret, and ACF2.

There are two ways to configure and submit `ZWEKRING`:

- Copy the JCL `ZWEKRING` member and customize its values.
- Customize the `zowe.setup.certificate` section in `zowe.yaml` and use the `zwe init certificate` command.

You can also use the `zwe init certificate` command to prepare a customized JCL member using `ZWEKRING` as a template.
### z/OS key ring-based certificate setup

A number of key ring scenarios are supported:
Zowe is able to work with certificates held in a **z/OS key ring**.

- Creation of a local certificate authority (CA) which is used to sign a locally generated certificate. Both the CA and the certificate are placed in the `ZoweKeyring`.
- Import of an existing certificate already held in z/OS to the `ZoweKeyring` for use by Zowe.
- Creation of a locally generated certificate and signed by an existing certificate authority. The certificate is placed in the key ring.
Generating keyrings with certificates is covered in [Certificate configuration scenarios](../user-guide/certificates-configuration-scenarios.md), Scenarios 3 through 5.
Configuring keyrings with certificates is covered in [Finalize certificate configuration](../user-guide/certificates-finalize-configuration.md).
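Review bot: the rewritten key ring subsection (from `### z/OS key ring-based certificate setup` through `Configuring keyrings with certificates is covered in ...`) drops the only mention in this glossary of the default `ZoweKeyring` name, the `.SZWESAMP(ZWEKRING)` JCL member with its RACF, TopSecret and ACF2 commands, and the three supported key ring scenarios (local CA signing a local certificate, import of an existing z/OS certificate, local certificate signed by an existing CA); please confirm that Scenarios 3 through 5 on the linked page state all of that, otherwise keep a one-line summary here. The removed PKCS12 paragraph was likewise the only place describing the `keystore` and `truststore` directories, and the truststore description (public keys and CA chain of the servers Zowe communicates with, such as z/OSMF) is what a reader needs to understand which trust decisions those files control. Minor: "Generating PKCS12 certificate is covered" should read "Generating a PKCS12 certificate is covered", and "keyrings" in the last two lines should be "key rings" to match the heading and the sentence above it.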
4 changes: 1 addition & 3 deletions docs/getting-started/zowe-security-overview.md
Expand Up @@ -82,8 +82,6 @@ For more information about the SAF resource check, see [Configuring SAF resource
## Additional resources
For more information about getting started with certificates including determining your certificate configuration use case, importing certificates, generating certificates and using certificates, see the following resources:

- [Certificate configuration scenarios](../user-guide/certificate-configuration-scenarios.md)
- [Generating a certificate](../user-guide/generate-certificates.md)
- [Importing and configuring a certificate](../user-guide/import-certificates.md)
- [Certificate configuration scenarios](../user-guide/certificates-configuration-scenarios.md)
- [Configuring certificates](../user-guide/configure-certificates.md)

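Review bot: the new link target `../user-guide/configure-certificates.md` in the last list item does not agree with the page the other two hunks of this PR use for the configuration step, `../user-guide/certificates-finalize-configuration.md`; please verify that `configure-certificates.md` exists in this tree, or point the item at the finalize page so the three files are consistent. The change from `certificate-configuration-scenarios.md` to `certificates-configuration-scenarios.md` looks correct, since that plural filename is the one the glossary and troubleshooting pages link to.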
2 changes: 1 addition & 1 deletion docs/troubleshoot/known-issues-with-apiml.md
Expand Up @@ -201,6 +201,6 @@ Request a new certificate that contains a valid z/OSMF host name in the subject

### Re-create the Zowe keystore

Re-create the Zowe keystore by deleting it and re-creating it. For more information, see [Importing a file-based PKCS12 certificate](../user-guide/import-certificates.md#importing-an-existing-pkcs12-certificate). The Zowe keystore directory is the value of the `KEYSTORE_DIRECTORY` variable in the `zowe.yaml` file that is used to launch Zowe.
Re-create the Zowe keystore by deleting it and re-creating it. For more information, see [Scenario 2: Importing a file-based PKCS12 certificate](../user-guide/certificates-configuration-scenarios.md#scenario-2-use-a-file-based-pkcs12-keystore-and-import-a-certificate-generated-by-another-ca). The Zowe keystore directory is the value of the `KEYSTORE_DIRECTORY` variable in the `zowe.yaml` file that is used to launch Zowe.


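Review bot: the link text "Scenario 2: Importing a file-based PKCS12 certificate" no longer matches the heading encoded in the anchor `#scenario-2-use-a-file-based-pkcs12-keystore-and-import-a-certificate-generated-by-another-ca`; use the heading's own wording so a reader scanning the target page finds the section. Since the rest of this PR describes certificate settings under `zowe.certificate` and `zowe.setup.certificate` in `zowe.yaml`, please also check that `KEYSTORE_DIRECTORY` is still the name of the setting that holds the keystore directory, and consider tightening "Re-create the Zowe keystore by deleting it and re-creating it" to "Delete the Zowe keystore directory and re-create it".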