We had a similar issue sometime back when upgrading to 2.1, the TLS support needed was never order, we're were running AT-TLS 2.0 I belive, been a while, so make sure TLS is installed, as someone already suggest the SSL trace should show you exactly what your region is needing and what's available for the handshake Carmen
----- Original Message ----- From: "Elardus Engelbrecht" <[email protected]> To: [email protected] Sent: Wednesday, August 23, 2017 5:09:26 AM Subject: SSL with WebSphere and CICS Cross posted between RACF-L and IBM-MAIN: Good day to all, Before we submit a PMR to IBM, I wish to ask for help on these 2 discussion lists. My colleague successfully used WebSphere on LPAR A to access CICS on LPAR B using HTTP Server using Non-SSL connection. But when we enable SSL using the Certificate setup in RACF as per IBM's manuals like these redbook 'Securing CICS Web Services', 'Implementing CICS Web Services' and other books for WebSphere and CICS, ... we got a 'HTTP 403 'Forbidden' when we try to use https://<....>:3103/cics/... Same address with https changed to http is working 100% fine, fast and no problem at all. Note - CICS by itself is working 100% fine with the same certicates in RACF. It is only when we try to use WebSphere to connect CICS via HTTPS, we get problems. Scenario: CICS TS 4.2 on z/OS v2.1, WebSphere IBM HTTP Server V5R3M0 on z/OS v1.3 (Yes, I know it is out of support.) with WebSphere HTTP Plug-in for z/OS and OS/390 Version 6.0 build level 6.1.0.22. Question: Where can we see what is causing the message 'HTTP 403 Forbidden'? SYSLOG and STCs output scanning, RACF SMF scanning and looking in OMVS files and folders yielded nothing. Many thanks in advance. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
