Scenario: Certificate renewal

Scenario overview

Speaker's script

Now, change your role to that of a security administrator. You have just been informed that one of your SSL certificates signed by a Certificate Authority is expiring soon. Secure Sockets Layer (SSL) certificates, sometimes called digital certificates, are used to establish an encrypted connection between communicating parties over a network. Certificate management is crucial for maintaining the security of our company's z/OS environment, but it has been a while since you have performed this action. You recall there are many steps required on z/OS and various RACF commands that need to be run to renew a certificate. Rather than going to your senior security administrator for assistance, you leverage watsonx Assistant for Z to help automate the certificate renewal process. By automating these processes with Ansible, you ensure critical certificates are always up to date and reduce the risk of expired certificates disrupting your services.

Responses from the virtual assistant are likely to change

Responses generated by IBM watsonx Assistant for Z are likely to change over time. The responses you see when you run the queries in this section may differ from the screen images captured in the IBM watsonx Assistant for Z for Technical Sales Level 3 Demonstration Guide. Using the exact queries specified will help assure a successful demonstration. Also, as updates to the environment are made, some confirmation dialogs may no longer be displayed as illustrated in the Example outputs.

Prerequisite steps

To run this scenario, a certificate must first be created.

Copy and paste the prompt

Use the copy icon () to copy prompts from this demonstration guide and then paste the prompt using Ctrl+V, or right click and select Paste.

Using the virtual assistant:

1. Create a certificate.

   Prompt:

   create a certificate
   

   Example output:

   

2. Complete the form for the (a-f) z/OS Certs - Create Cert skill and click (g) Apply.

   Input values:

   • (a) Certificate Label: <Enter a unique label of your choice, for example "yourNameCert". Record the label as it is needed later.>
   • (b) CERT TYPE: SITE
   • (c) Expiration date: <Enter an expiration date within the next 30 days in the format YYYY-MM-DD>
   • (d) Common name: <Enter a unique label of your choice, for example "company.com". Record the name as it is needed later. Do NOT use test.com**>
   • (e) SIGN WITH: CERTAUTH
   • (f) SIGN LABEL: TESTCA

   

   Example output:

   

The new certificate is created (despite the last message status of pending).

Prompts and Example outputs

1. Ask the assistant how to check on an expiring certificate and then click Yes to retrieve the certificate details.

   Prompt:

   I have a SSL certificate on z/OS expiring soon. How do I check when my certificate is going to expire?
   

   Example output:

   

3. Enter the certificate label of the certificate created earlier.

   

4. Wait approximately 10 seconds and then click Apply.

   

5. Review the certificate information and then click Yes to renew the certificate.

   

6. Enter a new date for the certificate in the form of YYYY-MM-DD.

   

7. Wait approximately 1 minute and then click Yes.

   

8. Wait approximately 30 seconds and then click Apply.

   

9. Verify the certificate expiration date has changed to the value specified in step 6.

   

Cleanup steps

Following the demo, cleanup the system by deleting the original certificate created.

Using the virtual assistant:

1. Delete the certificate.

   Prompt:

   delete cert
   

   Example output:

   

2. Complete the form and click Apply.

   Input values:

   • CERT LABEL: <Enter the original certificate label that you created.>
   • CERT TYPE: SITE