IBM Support

DFHAM4889 Installing resources like URIMAP with associated certificate label

Question & Answer


Question

Why am I receiving message DFHAM4889 when trying to install a CICS resource (for example, a URIMAP) with the CERTIFICATE attribute specifying a Label name of a certificate I want to share between several CICS regions that all have different region userids?

I have placed the certificate into each separate CICS KEYRING with the 'PERSONAL' usage option. I have given each region userid READ authority to the ring_owner.ring_name.LST resource in the RDATALIB class. I then activated the RDATALIB class by using the RACLIST command. I then try to install the URIMAP and continue to receive message:

DFHAM4889 E applid Install of URIMAP resourcename failed because attribute attname is invalid.

NOTE: The same failure message is issued for any resource attempted to be installed with the same certificate in question. Meaning an install of a JOURNALMODEL, TSMODEL, TCPIPSERVICE and CORBASERVER specifying the same certificate Label results the same message.

Answer

As you have discovered, you can use the RACF Facility Class RDATALIB to allow multiple CICS systems to share a single certificate, not owned by the CICS region userid. However, the CICS region user id should be granted UPDATE access instead of READ access.

Here is the procedure:

1) Connect the certificate to its key ring with the PERSONAL usage option.

2) If the certificate is a USER certificate, grant to the CICS region user ID that you want to use the certificate UPDATE authority to the ring_owner.ring_name.LST resource in the RDATALIB class.

3) Activate the RDATALIB class by using the RACLIST command.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"Security","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
27 August 2015

UID

dwa1210383