This video shows how to create a self signed certificate for use by Zowe, that will be held in a unix system services directory keystone. If you are setting up Zowe to communicate with z/OSMF you need to know whether the z/OSMF certificate is signed by a trusted authority or not. A good way to do this is to curl to the URL /zosmf/info on your machine, and the response will let you know whether the certificate can be trusted or not. In our case it’s a self signed certificates. Next open a shell in the USS environment where Zowe is installed. We’re using ssh in this video. Zowe is installed into the home directory /zowe/1.25.0 so set this to be the current directory, and navigate into the /bin. This contains a number of scripts and other files used for Zowe configuration, For certificate generation the files we’ll be using awe zowe-setup-certificates.sh and its input parameters held in zone-setup-certificates.env. We’ll need to change some values in zowe-setup-certificates.env. You can use any editor for such as ISPF or VI, and in this video we’re going to use the Zowe Explorer extension within VS Code. Locate the zowe-setup-certificates.env which contains a number of key value pairs. On our system z/OSMF is self signed which means that Zowe will reject it as untrusted and we must set VERIFY_CERTIFICATES to be false to disable trust checking. If on your system z/OSMF certificate is signed by a trusted CA you can leave VERIFY_CERTIFICATES to be true. Specify the directory for the generated certificate to be stored. The default setting /global/zowe/keystore is good for shared production certificates in a sysplex, however for this install video we’ll change it to be my home directory /zowe_keystore. Back in the unix system services shell, execute the script zowe-setup-certificates.sh. This will take the zowe-setup-certificates.env file we edited earlier as its input criteria to generate the keystore directory and its content. Progress feedback is given throughout the scripts execution. In the Zowe Explorer we can check the contents of the newly generated keystore directory which contains a local_ca sub directory holding the self signed certificate authority, and a localhost directory holding the certificate itself, together with a trust store and key store.