I have fixed my problem.Thanks :)
↧
Forum Post: RE: MDS2000E Admin ID "mfuser" failed to start server.
↧
Wiki Page: How to check if a user has access to the JES Resources drop-down menu
PROBLEM How can I determine whether a specific user has the required resource permissions to be able to access the 'JES Resources' drop-down option in ESMAC? RESOLUTION For a user to access the 'JES Resources' option, that user will have to be allowed access to the 'JCL*' resource which is in the MFESMAC class. See the online documentation for a list of ESMAC entities that can be controlled in this way. To determine which users (and groups) do have access to the 'JCL*' resource, the following commands/methods can be used: Note that these commands use the 'esfadmin' utility. It is also possible to use a GUI LDAP interface (such as ADSIedit for Windows) to obtain similar information. (See below for notes on the use of the ESFadmin command.) 1. Check which Users and Groups are allowed access to the resource To see what users and groups are (or are not) allowed access to the JES resources drop-down menu (which will require "Update" access to the "JCL*" resource in the MFESMAC class), use the ESFadmin command with the following options: LISTReferences RESOURCE=JCL* class="MFESMAC" This will return all of the 'allowed' users and groups for this resource, and also any that are specifically denied. eg: List 1 contains 5 items. NAME=JCL* TYPE=RESOURCE COMMENT=The resource itself (class MFESMAC) NAME=MyNewGrp9 TYPE=GROUP COMMENT=Class MFESMAC, ACE allow:MyNewGrp9 group:update NAME=user1 TYPE=USER COMMENT=Class MFESMAC, ACE allow: user1 :update NAME=ALLUSER TYPE=GROUP COMMENT=Class MFESMAC, ACE allow:ALLUSER group:read NAME=SYSADM TYPE=GROUP COMMENT=Class MFESMAC, ACE allow: SYSADM group:alter At this point it will be possible to see if a specific user has explicit access to this resource. In this particular example the user 'user1 ' does have explicit 'update' access to the JCL* resource. 2. Check whether the user is a member of one of the groups that has access to the resource If there is no explicit access to the resource for a user, it is necessary to check whether a user can access the resource via the group membership. This can be done using a command similar to the following: listGROUP GROUP=SYSADM LIST Command results: List 1 contains 1 items. GROUP= SYSADM DESC=ES System administrators group MEMBERS= GMCmfds1 ; SYSAD CUSTOM= UID=mfuid From this example we can now see from the ' MEMBERS ' list that SYSAD IS in the ' SYSADM ' group and therefore SYSAD will have access to the JCL* resource (as would any other user(s) in this group, in this case GMCmfds1 ) (Note that the actual access level is governed by the ACE in the Rescoure itself, and from (1.) above the ' SYSADM ' group has 'alter' access to the JCL* resource). ESFadmin command notes: example command: esfadmin -u SYSAD -p SYSAD -U "CN=MFReader,CN=ADAM Users,CN=Micro Focus,CN=Program Data,DC=local" -P MFReader_password -Sldap: // machine_name : ldap_port -c MF-HASH.cfg -a listreferences USER=SYSAD where: machine_name : ldap_port is the machine name of the ldap server and the port number on which the ldap instance is running Example: myLDAPhost : 389 The option " -c MF-HASH.cfg " means that the configuration file with this name will be used. Sample contents of this file: [LDAP] BASE =CN=Micro Focus,CN=Program Data,DC=local user class="microfocus-MFDS-User" user container=CN=Enterprise Server Users group container=CN=Enterprise Server User Groups resource container=CN=Enterprise Server Resources [Verify] Mode=MF-hash where 'BASE' must be the relevant BASE location for the ldap repository being used Also note that since 'Mode=MF-hash' is used and user class="microfocus-MFDS-User ", the user for the ' -u ' and ' -p ' options (i.e. in lowercase) in the ESFadmin command will come from the "Microfocus users" in the LDAP repository, which is why 'SYSAD' is a valid option (and this is also the default user here). For the -U and -P commands (in uppercase), a 'normal' Active Directory user (i.e. in the user class: ' user ') would have to be used. MFReader is setup as an Active Directory user on Windows (this user would appear under 'ADAM Users' in the active directory). However it is likely that its password will have to be reset to one that conforms to the domain policy (the default password ' mf_rdr ' probably does not conform). This can be done using an LDAP GUI utility such as ADSIedit on Windows. Note that the MFReader account by default has only 'read' access to the ldap respository. See the product online documentation for more information on the ESFadmin command : The online documentation also details what resource classes are used by Enterprise server
↧
↧
Forum Post: JFCB in SEP - how do I get a filename(DSN=) from the JCL to a variable within a Cobol program
I have a need to obtain the physical name of a dataset (DSN=my.flat.file), for processing by a Cobol program. In zOS, assembler code could be used to access the JFCB control block. Is there some similar method within MFES?
↧
Forum Post: RE: JFCB in SEP - how do I get a filename(DSN=) from the JCL to a variable within a Cobol program
ES supports the IEFJFCBN, according to the docs: documentation.microfocus.com/.../HCOMCMCBLKS001.html Does that meet your needs? (This isn't something I've used myself.) If not, I can dig into this further - it seems like something we would support one way or another. Another alternative is to use the %PCDSN extension to force a particular physical file for the DD. I don't know whether that's relative to your situation.
↧
Forum Post: RE: JFCB in SEP - how do I get a filename(DSN=) from the JCL to a variable within a Cobol program
Thanks Michael. I assume that the TIOT points to the JFCB. This would be a great way to solve an existing issue for us. Do you have an example program that access data from the IEFJFCBN?
↧
↧
Forum Post: RE: JFCB in SEP - how do I get a filename(DSN=) from the JCL to a variable within a Cobol program
in W-S copy MFJCTLBC.CPY ---------------------------------------------------------------- OBTAIN JobName ---------------------------------------------------------------- OBTAIN-JOB-NAME. INITIALIZE WS-JCL-DD-AREA WS-JCL-RETCODE. SET WS-JCL-FUNC-GET-EXEC TO TRUE. SET WS-JCL-EXEC-VERS-CUR TO TRUE. CALL 'MFJCTLBP' USING WS-JCL-FUNCTION WS-JCL-RETCODE WS-JCL-EXEC-AREA. DISPLAY ':We run under JobName = ' WS-JCL-job-jobname . ============================= OBTAIN DDName related to DD SET WS-JCL-DD-VERS-CUR TO TRUE. SET WS-JCL-FUNC-GET-DD TO TRUE. MOVE 'BPFJESO' TO WS-JCL-DDNAME. CALL 'MFJCTLBP' USING WS-JCL-FUNCTION WS-JCL-RETCODE WS-JCL-DD-AREA. perform varying JCL-FILENAME-Len from 256 by -1 until WS-JCL-FILENAME(JCL-FILENAME-Len:1) not = space continue end-perform MOVE WS-JCL-FILENAME(1:JCL-FILENAME-Len) to JCL-FILENAME-text
↧
Forum Post: RE: JFCB in SEP - how do I get a filename(DSN=) from the JCL to a variable within a Cobol program
A0100-GET-DD-INFO SECTION. SET WS-JCL-DD-VERS-CUR TO TRUE. IF WS-LK-SUB = 1 SET WS-JCL-FUNC-GET-DD-FIRST TO TRUE ELSE SET WS-JCL-FUNC-GET-DD-NEXT TO TRUE END-IF. CALL 'MFJCTLBP' USING WS-JCL-FUNCTION WS-JCL-RETCODE WS-JCL-DD-AREA. IF WS-JCL-RETCODE = 500 GO TO A0100-EXIT END-IF. IF WS-JCL-RETCODE NOT = ZERO DISPLAY '********************************************* UPON CONSOLE DISPLAY '* MFJCLINF-BAD RETURN CODE ON CALL TO MFJCTLB WS-JCL-RETCODE UPON CONSOLE DISPLAY '********************************************* UPON CONSOLE STOP RUN END-IF. MOVE WS-JCL-DDNAME TO LK-MFJCLINF-DDN (WS-LK-SUB). MOVE WS-JCL-DSNAME-DSN TO LK-MFJCLINF-DSN (WS-LK-SUB). MOVE WS-JCL-DSNAME-MBR TO LK-MFJCLINF-MBR (WS-LK-SUB). MOVE WS-JCL-FILENAME TO LK-MFJCLINF-PC-FILE (WS-LK-SUB). MOVE WS-JCL-DSORG TO LK-MFJCLINF-DSORG (WS-LK-SUB). MOVE WS-JCL-RECFM TO LK-MFJCLINF-RECFM (WS-LK-SUB). MOVE WS-JCL-TRTCH TO LK-MFJCLINF-TRTCH (WS-LK-SUB). MOVE WS-JCL-LRECL-MIN TO LK-MFJCLINF-LRECL-MIN (WS-LK-SUB). MOVE WS-JCL-LRECL-MAX TO LK-MFJCLINF-LRECL-MAX (WS-LK-SUB). ADD 1 TO WS-LK-SUB.
↧
Wiki: Enterprise Server Knowledge Base
↧
Wiki Page: Unable to get Performance Monitoring to work
PROBLEM No performance Monitoring 'counters' appear for Micro Focus servers, even though the region has been enabled for Performance Monitoring and is running. RESOLUTION 1. Check the Console log for CASAM messages: a) CASAM3017E Logged CASAM3017E will be seen in console.log if the user running Enterprise Server isn't able to update the Windows Registry Key for performance monitoring. The key is detailed in the error message, ie: 151210 15420572 9116 ESDEMO CASAM3017E ES Monitoring and Management unable to open performance registry key: " SYSTEM\CurrentControlSet\Services\Micro Focus Server\Performance ", RC=0005. M & M disabled. 15:42:05 The key is under HKLM (HKey Local Machine) To give the required access use windows 'RegEdit' to set the permissions for the above key to include the relevant user and give that user 'write' access. The user that will need this access will be the user that runs the Enterprise Server (CAS) processes. This will be the logged-on user if the command line 'casstart' is used to start the region. If the region is started from the GUI then it will be the user that MFDS is running under. (The relevant user can be checked when the region is running by looking in Windows Task Manager to see which user is running the CAS* processes for this region.) b) CASAM3014E Logged: For example: 151210 16270850 8640 ESDEMO CASAM3014E Unable to create Server Monitoring and Management shared memory. Monitoring and Management support disabled. 16:27:08 In this case the registry key HAS been correctly updated but the user doesn't have sufficient privilege to create the required Windows Global Shared memory . The ' Create Global Objects ' Policy is required for this user (see above about determining the relevant user). This can be set in the Windows 'Local Policy Editor ': Security settings -> Local Policies -> User Rights Assignment -> add the required user to this policy If either or both of the above changes were required, restart the region and again check for CASAM messages in the console.log c) CASAM3016I Logged This message mean: ES Monitoring and Management support enabled If CASAM3016I is seen in the console.log then neither of the above error messages should be seen as this means that both the registry key has been updated successfully and that the Global Memory has been written to. 2. No Performance Counters available with CASAM3016I in the Console.log If performance counters are still not visible for selection in Windows Performance Monitor but CASAM3016 is seen in the console.log, then the Windows Users need to be checked. It may be necessary to run the Windows Performance Monitor utility as a different user (in order that it can access the Global Shared memory that has been created/written to by the region). In order for Perf Mon to see the region's performance counters it has to be running as the same user that started the region , or as the Local System account. If the region is started from the command line, the Enterprise Server (CAS) processes will run as the logged-in account and when perfmon is started (in this same login session) the required access will be allowed and performance counters will be available. If the region is started from the GUI then the Enterprise Server (CAS) processes will run as the 'MFDS user' - by default this will be the Local System Account , in which case the counters should available. However if the MFDS is running under a different account (for example another local account) then the CAS processes will also run under this account and in this case PerfMon started as the logged-in user won't have access to the counters. To be able to use the peformance counters from a region started in this way, 'Perfmon.exe' will need to be started as the Local System Account (or the same account that is running the region). This can be done using the 'Sysinternals' utility "psexec" as follows: psexec –i –s perfmon psexec is part of the SysInternal PSTools suite available at: https://technet.microsoft.com/en-us/sysinternals/psexec.aspx If PerfMon is running as the correct user it should be possible to see and select the performance counters for this region when adding counters to a collection in PerfMon
↧
↧
Forum Post: Building ESODBCXA.dll
Based on the MicroFocus documentation here - http://documentation.microfocus.com/help/index.jsp?topic=%2Fcom.microfocus.eclipse.infocenter.enterprisedeveloper.vs2012%2FGUID-0C6A8C7F-CDCD-4151-87D9-71199060026F.html&cp=2_2_0_6_0_4_2_1_3 I tried to create dll from esodbcxa.cbl for using it in XA Resources under enterprise server. But while building it, I'm getting below error. Please share your thoughts on how to fix this. Building 32-bit switch module... Micro Focus COBOL Version 2.3.02178 Copyright (C) Micro Focus 1984-2017. All rights reserved. * Checking complete with no errors - starting code generation * Generating ESODBCXA * Data: 16 Code: 26632 Literals: 6372 Micro Focus COBOL - CBLLINK utility Version 2.3.2.67 Copyright (C) Micro Focus 1984-2017. All rights reserved. Microsoft (R) Incremental Linker Version 11.00.61030.0 Copyright (C) Microsoft Corporation. All rights reserved. ESODBCXA.obj cbllds00002194.obj LINK : fatal error LNK1181: cannot open input file 'odbc32.lib' Error building ODBC switch module. Ensure that the Windows SDK LIB directory is included in the setting of the LIB environment variable, and that you have WRITE permission to the current directory.
↧
Forum Post: RE: Building ESODBCXA.dll
One of the requirements to build the ODBC XA switch module is to have Windows Software Development Kit (SDK) installed. Below is from our documentation ( link ) Build Requirements To build the ODBC RM switch module, you must have the Windows Software Development Kit (SDK) installed for your version of Windows. Before building this switch module, ensure that your LIB environment variable contains the path to your Windows SDK LIB directory. For example, if you install Windows SDK 7.1, ODBC32.lib should be included in C:\Program Files\Microsoft SDKs\Windows\v7.1\Lib Therefore, set the following before building the ODBC switch. >set LIB=C:\Program Files\Microsoft SDKs\Windows\v7.1\Lib;%LIB% If you have Windows SDK 8.1 installed, ODBC32.lib is in c:\Program Files (x86)\Windows Kits\8.0\Lib\win8\um\x86
↧
Forum Post: XA problems with 3.0
I have the new ESMSSQL.dll built and running the only problem is when I go to do a request from SQL (Microsoft 2016) I get the data but I also get an error at the bottom. CASSP0015S Syncpoint PREPARE failure - resource state unpredictable 12:26:38 It is not really well documented for Micro Focus so I was hoping someone here might be able to help. Thanks
↧
Wiki Page: Enterprise Server security fixes, July 2017
CVE-2017-5187: A Cross-Site Request Forgery (CSRF) vulnerabilty, leading to Remote Code Execution (RCE), was found in MFDS. Additional anti-CSRF security measures have been added to the Enterprise Server Administration HTML GUI. CVE-2017-7420: An Authentication Bypass vulnerability was found in ESMAC. A problem with ESMAC display fields that enabled Authorization Bypass and caused XSS-related issues has been fixed. CVE-2017-7421 A Cross-Site Scripting (XSS) vulnerability was found in ESMAC and MFDS. Additional anti-stored-XSS security measures have been added to the Enterprise Server Administration HTML GUI. CVE-2017-7422 An XSS vulnerability was found in esfadmingui. This has been corrected. CVE-2017-7423 A CSRF vulnerability was found in esfadmingui. This has been corrected. CVE-2017-7424 Path Traversal vulnerability in esfadmingui: A path-traversal vulnerability has been fixed in the mfcs-esfadmin optional component of Enterprise Server. This vulnerability could allow a user with network access to a suitably-configured Enterprise Server region to download unauthorized files from the target system. Notes: MFDS and ESMAC issues apply to Micro Focus Enterprise Developer and Micro Focus Enterprise Server versions 2.3 and earlier (including older products), 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9. ‘esfadmingui’ issues apply to Micro Focus Enterprise Developer and Micro Focus Enterprise Server version 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9. Note that esfadmingui is an optional component that is not enabled by default. Update to 2.3 Update 1 Hotfix 8 (or later), 2.3 Update 2 Hotfix 9 (or later), or 3.0 for these fixes. Attribution: Micro Focus would like to thank Tim Thurlings and Meiyer Goren of Comsec Global for notifying us of these issues and working with us to investigate them, under a responsible-disclosure policy.
↧
↧
Forum Post: Trail License for Enterprise Server 3.0
Hi, I need trail license for Enterprise Server 3.0. Could you please help me with the steps for authorizing. Thanks, Ravi
↧
Forum Post: Transaction abend
Hello community, Can someone help me with the error below? Thanks for your time. Lucas Oliveira
↧
Forum Post: RE: Transaction abend
Lucas, can you post the console log from this ABEND ? Generally speaking, ASRA can be caused by a variety of conditions... from your screen shot, the transaction map displays, but the function you enter results in the ABEND. Do other functions work on this map ? Narrow down the offending function and turn on debugging (or send messages to the console). From the simple side, did this function ever work ? Did something change ? Please post your product and version (assuming enterprise developer 2.3)
↧
Forum Post: RE: Transaction abend
Thanks dpswind for your attention. I followed your tips about console.log and I belive to found the problem. Accord the console message, the application can't found the file called 'SQLADR': #CONSOLE.LOG +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 170828 09063633 1122546 EMBPROD CASSP0014S Process termination due to RTS error. Load error : file 'SQLADR' error code: 173, pc=0, call=1, seg=0 173 Called program file not found in drive// directory 09:06:36 170828 09063636 1122548 EMBPROD CASCD0144S SEP 00027 for ES EMBPROD exited with value 00255 09:06:36 170828 09063636 1122548 EMBPROD CASSP0002I Server manager informed of process termination, pinfo = S,0001122546 09:06:36 170828 09063737 CASCD0127I SEP 00028 created for ES EMBPROD, process- id = 1122550 09:06:37 170828 09063740 1122550 EMBPROD CASSI1500I SEP initialization started 09:06:37 170828 09063741 1122550 EMBPROD CASSI1600I SEP initialization completed successfully 09:06:37 170828 09063743 1122550 EMBPROD ESFEM1000I MLDAP ESM initialized 09:06:37 170828 09063743 1122550 EMBPROD ESFMI0200I Loaded ESM Module "MFES": MLDAP ESM version 1.7.1 09:06:37 170828 09063743 1122550 EMBPROD CASSI5021I PLTPI Phase 2 - No PLT Specified 09:06:37 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Would you know where the location of this file?
↧
↧
Forum Post: RE: Transaction abend
Hi Lucas, This might help you out... microfocus.com/.../NECOBSQLProCOBOLonWindows_tcm21-9577.pdf Kind regards, Torkel
↧
Forum Post: RE: z/VSE Jcl with SORT
It's important to create file in CATALOG and in directory of File .dat file. .Dat file can be created with Data Tools application.
↧
Wiki Page: How to set up secure access to MFDS and the ES Administration web page
Problem: MFDS acts as a web server and displays the Enterprise Server Administration web page. By default it is not set up for SSL secure access (i.e. a URL beginning with "https:"). How can a person set up SSL-secured access to MFDS from a local or remote browser without the browser showing a certificate error? Solution: A demonstration Certificate Authority is provided with the product for practice and proof of concept in setting up secure connections. After the concept is proven, end-users can design their own PKI (Public Key Infrastructure) and begin using an official CA in place of DemoCA. See the following link into the documentation, named "SSL and PKI Technology Primer": http://documentation.microfocus.com/help/topic/com.microfocus.eclipse.infocenter.visualcobol.eclipseux/GUID-7B2327C6-A987-49E1-B04C-10FBEE9CB5E3.html Step 1: Install DemoCA on the machine that will run Enterprise Server and MFDS. Installation is documented here: http://documentation.microfocus.com/help/topic/com.microfocus.eclipse.infocenter.enterprisedeveloper.eclipsewin/BKCKCKINTRS002.html Note: on Linux/UNIX the script "DemoCA_Setup.sh" must be run as root. Environment variables COBDIR and OPENSSL_CONF must be set before running DemoCA_Setup.sh. Set COBDIR to the location where the Micro Focus product is installed, for example: COBDIR=/opt/microfocus/VisualCOBOL export COBDIR (substitute the actual location if different than above). Set OPENSSL_CONF to $COBDIR/DemoCA before running DemoCA_Setup.sh. Enter: OPENSSL_CONF=$COBDIR/DemoCA export OPENSSL_CONF During installation you will be asked to specify the Common Name (CN). Specify the fully-qualified domain name (FQDN) of your machine (this may already appear as the default value). For example, enter "server1.yourcompany.com". Later when accessing the secure ES Admin web page you will have to use a URL that includes the FQDN. Step 2: Modify the file name "openssl.cnf" in the DemoCA install directory, changing this line: default_md = md5 to this: default_md = sha256 On Windows, use Administrator privileges to modify the file. For example, run Notepad as Administrator. On Linux/UNIX, use root privileges and an editor such as vi. Step 3: Run the re-install script. On Linux/UNIX this is named "reinstall_DemoCA.sh" in the directory where DemoCA was installed. Before running, set environment variables OPENSSL_CONF and SSLDIR to the directory where DemoCA was installed. Run as root with COBDIR set to where the Micro Focus product was installed. On Windows, run CMD (a command prompt) as Administrator. Change to the folder where DemoCA was installed. Set the environment variable OPENSSL_CONF to the file openssl.cnf, for example: set OPENSSL_CONF=C:\Program Files (x86)\Micro Focus\DemoCA\openssl.cnf Then run "reinstall_demoCA.cmd". When the screen says: writing new private key to 'private\CAkey.pem' Enter PEM pass phrase: Enter a phrase that you would remember, such as "srvrootpwd". Step 4: Run the "create_srv_req" script On Windows, this is named "create_srv_req.cmd". Run with Administrator privileges. On Linux/UNIX, the script is named "create_srv_req.sh". Run with COBDIR, OPENSSL_CONF, and SSLDIR set as above. When the script asks: Enter PEM pass phrase: enter srvrootpwd. On Windows, accept all the defaults for the Distinguished name. Make sure the Common Name specifies the FQDN (fully-qualified domain name). You do not need to specify a challenge password. Step 5: Run the "sign_srv" script. On Windows, this is "sign_srv.cmd". On Linux/UNIX it is "sign_srv.sh" If prompted for a passphrase, enter srvrootpwd Step 6: Access the ES Admin page using the URL http:// :86 , where FQDN is the Fully-Qualified Domain Name of the machine running MFDS. Configure MF Directory Server security with "Restrict administration access" and "Use encrypted connections". Specify a port number of your choosing. Select "Use custom server ID certificate". For Certificate, enter the full path and filename of the file srvcert.pem. For example, on Windows: C:\Program Files (x86)\Micro Focus\DemoCA\srvcert.pem Or for example on Linux/UNIX: /opt/microfocus/DemoCA/srvcert.prm depending on where DemoCA was installed. For Certificate passphrase: leave blank For Keyfile: enter the full path and filename of the file srvkey.pem For Keyfile passphrase: enter srvrootpwd Press Apply or OK. The screen will say: "(Specified SSL options pending...Directory Server restart required)". The secure options will go into effect when MFDS is re-started. Step 7: Set the environment variables MF_ROOT_CERT and MFDS_DNS_RESOLVE before re-starting MFDS On Windows, establish these environment variables at the system level. For example with Windows 7, use Control Panel > System and Security > System > Advanced System Settings > Environment variables: MF_ROOT_CERT=C:\Program Files (x86)\Micro Focus\DemoCA\private\CArootcert.pem (or the path to wherever DemoCA was installed) MFDS_DNS_RESOLVE=Y On Linux/UNIX, $COBDIR/bin/mfds is a shell script. Modify this script adding MF_ROOT_CERT and MFDS_DNS_RESOLVE=Y, for example: MF_ROOT_CERT=/opt/microfocus/DemoCA/private/CARootcert.pem export MF_ROOT_CERT MFDS_DNS_RESOLVE=Y export MFDS_DNS_RESOLVE Step 8: Re-start MFDS so it picks up the environment variables. On Windows, stop and re-start the MFDS service. The service is named mf_ccitcp2 and the description is "Micro Focus Directory Server". You can start and stop using Control Panel > Administrative Tools > View local services, or from a CMD prompt with Administrator privileges: net stop mf_ccitcp2 net start mf_ccitcp2 On Linux/UNIX, with root credentials, set the COBDIR environment variable to the install location of the MF product, for example: COBDIR=/opt/microfocus/VisualCOBOL export COBDIR (where /opt/microfocus/VisualCOBOL is the place you installed Visual COBOL). Invoke $COBDIR/bin/mfds -s to stop MFDS. Invoke $COBDIR/bin/mfds to re-start MFDS Step 9: Configure a browser, either local or remote, by importing CArootcert.pem from DemoCA as a Trusted Root Certificate Authority. You can use FTP to transfer CArootcert.pem to the machine where the browser is running. CArootcert.pem is in the "private" sub-folder of the DemoCA install directory. So on Windows, typically: C:\Program Files (x86)\Micro Focus\DemoCA\private\CArootcert.pem. On Linux/UNIX, CArootcert.pem is typically: /opt/microfocus/DemoCA/private/CARootcert.pem Step 10: Access the ES Admin page with the URL: http:// :86 Click "Log On". MFDS changes the URL to: https:// : /?page_000?action_LOGON Since MF Directory Server security was configured with "Restrict administration access", MFDS will require a login and password. Until you configure the credentials differently, the credentials are: User: SYSAD Password: SYSAD At that point, verify that you have access to the ES Administration screen, that the URL begins with "https:", and that the browser shows no certificate error. Successfully using DemoCA to prove the concept, shows that MFDS behaves correctly as a web server should behave, that is, MFDS cooperates with browsers such as Internet Explorer, Firefox, and Chrome in securing web connections. This demonstrates that MFDS does not have a bug in this area. At that point you are free to establish your company's security policies and design your own PKI, including your own Certificate Authority. DemoCA is not meant for use in production situations. See this documentation link named "Is the Demonstration CA a Real CA?": http://documentation.microfocus.com/help/topic/com.microfocus.eclipse.infocenter.enterprisedeveloper.eclipsewin/BKCKCKDECAUREA.html See also this documentation link named "Designing a PKI": http://documentation.microfocus.com/help/topic/com.microfocus.eclipse.infocenter.enterprisedeveloper.eclipsewin/BKCJCJDESI.html
↧