At a minimum, both parties in an SSL session require certificates that are signed by the same certificate authority and installed in the z/OS security database. In the CCISSL and CCISSLGW procedures, at least the following keywords must be defined:
CLAUTH=Y, CERT='certificate_name' KEYRING='keyring_name'
On distributed platforms, it is imperative that the local application be properly configured for SSL, and that an SSL path and Certificate Authority directory are available to the application.
For an initial setup of SSL, it is recommended to use the default certificates delivered with the CAICCI product in the CAW0OPTN data set. These are the CCISSL client certificate named CCIP12 and the Certificate Authority certificate named CCIRTARM. For the distributed side, the downloadable executables named CCIPCS32 and CCIPCS64, also found in the CAW0OPTN data set, extract CCI.PEM and CCIROOT.PEM, which are the client and CA certificates, respectively.
Because the setup and deployment of SSL and certificates is an involved process, see Tech Note TEC413258, titled 'CAICCI-SSL and External Security', for more information. This Tech Note can be found on the CA Common Services for z/OS web page at the support.ca.com web site.
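On the distributed side, the requirement that both parties hold certificates signed by the same certificate authority can be checked before starting a session. The script below is an added example, not part of the CA documentation; it assumes the OpenSSL command line tool is installed and the files are PEM-encoded, and `same_ca` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not CA-supplied): confirm that every certificate given
# chains to one CA file, since both SSL parties must share the signing CA.
# same_ca is a hypothetical helper name; it requires the openssl CLI.
# Usage: same_ca CCIROOT.PEM CCI.PEM [peer.pem ...]
# Returns 0 if all verify, 1 if any fails to verify, 2 on unreadable input.
same_ca() {
    sc_ca=$1
    shift
    [ -r "$sc_ca" ] || { echo "cannot read CA file: $sc_ca" >&2; return 2; }
    [ "$#" -ge 1 ] || { echo "no certificates given" >&2; return 2; }
    sc_rc=0
    for sc_cert in "$@"; do
        if [ ! -r "$sc_cert" ]; then
            echo "UNREADABLE $sc_cert"
            sc_rc=2
            continue
        fi
        sc_issuer=$(openssl x509 -in "$sc_cert" -noout -issuer 2>/dev/null) \
            || sc_issuer="issuer unknown"
        # openssl verify checks the signature chain and the validity dates.
        if ! openssl verify -CAfile "$sc_ca" "$sc_cert" >/dev/null 2>&1; then
            echo "FAIL $sc_cert ($sc_issuer) does not verify against $sc_ca"
            [ "$sc_rc" -eq 2 ] || sc_rc=1
            continue
        fi
        # -checkend exits non-zero if the certificate expires within N seconds.
        if openssl x509 -in "$sc_cert" -noout -checkend 2592000 >/dev/null; then
            echo "OK   $sc_cert ($sc_issuer)"
        else
            echo "WARN $sc_cert verifies but expires within 30 days"
        fi
    done
    return "$sc_rc"
}

# Run directly: sh same_ca.sh CCIROOT.PEM CCI.PEM
if [ "$#" -ge 2 ]; then
    same_ca "$@"
fi
```

A FAIL line for a peer certificate means the two sides do not share a signing CA and the handshake would be rejected.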
Copyright © 2012 CA. All rights reserved.