We would like a feature added to the installation of IDAA on z /OS which allows us to provide a certificate for the Admin UI interface to z/OS. Currently during installation, when logging into the Appliance Installer, a message appears indicating a certificate is not trusted because it was not signed or known by the customer domain. An Add Exception option allows you to proceed with the installation but our UI Admin connections are being flagged with a Qualys rating of HIGH which requires immediate remediation. Our options are to create an exception for the certificate supplied by IBM which is a difficult sell and it will eventually expire which will mandate a replacement.
We need an option which allows us to supply a signed certificate valid for our company at the time of the installation which would be stored and used within the container for the UI Admin SSL connection.
Based on current compliance and regulatory guidelines, the lack of such a feature is a show stopper for us and honestly we are very surprised that is not the case for most customers in today's environment.
|Who would benefit from this IDEA?||Any IDAA customer|
How should it work?
Ideally, during the installation process when the browser displays the warning for the trusted issuer, we would like the option to upload a certificate or configure that in an earlier panel.
|Priority Justification||Qualsys rating of HIGH for the non-trusted connection is not an option so exception for default certificate is required. The exception process is very difficult to pursue and is likely to only be granted for a very limited window.|
|Client Name||Wells Fargo Bank|
|IBM's success depends on gathering feedback from customers like yourself. Aha Ideas Portal is the third party tool through which IBM Offering Managers gather feedback from customers such as yourself.|
|IBM is a global organization with business processes, management structures, technical systems and service provider networks that cross borders. As such, the information collected through Aha Ideas Portal (Customer Name, Customer Email Address) will be stored by them in the United States, and handled only as per IBM's instructions and policies. Your data (Name and Email Address) will NOT be shared with other IBM customers.|
|In order to safeguard your information in Aha, do not leave your workstation unattended while using this application, log off after using it, and print only if necessary. If you need to make a hardcopy, remember to pick up the print-out immediately, keep it under lock, and destroy it immediately when no longer needed.|
|NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "email@example.com" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions|