Issue with docs.zowe.org/stable/user-guide/certificate-configuration-scenarios #4123

Open
colinpaicemq opened this issue Feb 3, 2025 · 3 comments

@colinpaicemq
Collaborator

Description

Scenario 4:

Please explain how I specify the keyring owner.

Pages to Update

Screenshots

Expected behavior

Additional context

@1000TurquoisePogs
Member

The owner is going to be the account that runs the main Zowe job, which is specified here in a prior step: https://github.com/zowe/zowe-install-packaging/blob/5df073065a221f6c60acd704f5a3fc6207d2ac46/example-zowe.yaml#L81

You do not want to backtrack at this stage, as this stage comes after security setup in which this user is already set up to be the runner of zowe.
Perhaps this document should remind the user of this?

@colinpaicemq
Collaborator Author

I want to use my existing keyrings, and not use the one generated by Zowe, because:
a) They already exist.
b) I have a keyring and a separate trust store which hold all of the CAs of the people I work with.
c) It would be a lot of work to distribute the Zowe CA to all the potential users, and get them to update their browser keystores and REST keystores.

I have in my yaml file

```yaml
certificate:
  keystore:
    type: JCERACFKS
    file: safkeyring:////START1/MYKERING
    alias: CONN2.IZUDFLT
  truststore:
    type: JCERACFKS
    file: safkeyring:////START1/MYTRUSTSTORE
```

@1000TurquoisePogs
Member

I agree, and most users agree. Most users do use keyrings they create external to Zowe, and specify it exactly as you did in your YAML.

But, I've never seen the keyring owner not be identical to the Zowe service ID.
The documentation doesn't cover the possibility of it being something else, and assumes that, because the prior step already states what that user is, there is no need to customize further.
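The mismatch discussed in this thread (a keyring whose owner is not the Zowe service ID) is easy to check for before starting Zowe. The following is an added example, not code from the Zowe project or from anyone in this thread: it parses the `safkeyring:` URIs in the `certificate` section of a zowe.yaml and compares the owner user ID they name against the user Zowe runs as. The sample configuration is constructed from the snippet above; the runtime user `ZWESVUSR` is an assumption (it is the default service user in example-zowe.yaml, but the page itself does not show the value at the linked line), and treating any store type ending in `RACFKS` as keyring-backed is a heuristic, not a Zowe rule.

```python
"""Check that the keyring owner in a Zowe certificate section matches the Zowe runtime user.

Added example: not part of the Zowe docs or code base.
"""
from typing import Dict, List, Tuple

# Constructed sample: the certificate section from the thread, as a parsed dict
# (the real file would be loaded with a YAML parser such as PyYAML).
SAMPLE_CERTIFICATE: Dict[str, Dict[str, str]] = {
    "keystore": {
        "type": "JCERACFKS",
        "file": "safkeyring:////START1/MYKERING",
        "alias": "CONN2.IZUDFLT",
    },
    "truststore": {
        "type": "JCERACFKS",
        "file": "safkeyring:////START1/MYTRUSTSTORE",
    },
}

# Assumed value of zowe.setup.security.users.zowe; check your own zowe.yaml.
ASSUMED_ZOWE_USER = "ZWESVUSR"


def parse_safkeyring(uri: str) -> Tuple[str, str]:
    """Return (owner, ring_name) from a keyring URI such as
    'safkeyring:////OWNER/RING' or 'safkeyring://OWNER/RING'.

    Any scheme beginning with 'safkeyring' is accepted; the number of
    slashes after the colon is not significant. User IDs are folded to
    upper case because RACF user IDs are case-insensitive.
    """
    scheme, sep, rest = uri.partition(":")
    if not sep or not scheme.lower().startswith("safkeyring"):
        raise ValueError(f"not a safkeyring URI: {uri!r}")
    parts = [p for p in rest.split("/") if p]
    if len(parts) != 2:
        raise ValueError(f"expected OWNER/RING after the scheme: {uri!r}")
    owner, ring = parts
    return owner.upper(), ring


def is_keyring_store(store_type: str) -> bool:
    """Heuristic: JCERACFKS and the other RACF-backed JCE types end in 'RACFKS'."""
    return store_type.upper().endswith("RACFKS")


def check_keyring_owners(certificate: Dict[str, Dict[str, str]], zowe_user: str) -> List[str]:
    """Return one finding per keyring-backed store whose owner is not zowe_user.

    An empty list means every keyring named in the section is owned by the
    user that will run the Zowe job, which is what the configuration steps assume.
    """
    findings: List[str] = []
    for store in ("keystore", "truststore"):
        cfg = certificate.get(store) or {}
        if not is_keyring_store(str(cfg.get("type", ""))):
            continue  # PKCS12 and other file-based stores have no RACF owner
        owner, ring = parse_safkeyring(cfg["file"])
        if owner != zowe_user.upper():
            findings.append(
                f"{store}: keyring {ring} is owned by {owner}, "
                f"but Zowe runs as {zowe_user.upper()}"
            )
    return findings


if __name__ == "__main__":
    for finding in check_keyring_owners(SAMPLE_CERTIFICATE, ASSUMED_ZOWE_USER) or ["keyring owners match the Zowe user"]:
        print(finding)
```

Run against the sample, the script reports both stores as owned by START1 rather than the assumed service user; with `zowe_user` set to `START1` (or the keyring re-created under the service user) it reports nothing. Either resolution is valid, but the check makes the choice explicit instead of leaving it to a failed TLS start-up.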
