Minimally, both parties in an SSL session require certificates that the same certificate authority has signed, and installed in the z/OS security database. In the CCISSL and CCISSLGW procedures, you are required to define at least the following keywords:
CLAUTH=Y, CERT='certificate_name' KEYRING='keyring_name'
On distributed platforms, the local application must be properly configured for SSL. An SSL path and Certificate Authority directory must be available to the application.
For the initial SSL setup of SSL, we recommend that you use the default certificates. These certificates are delivered with the CAICCI product in the CAW0OPTN data set. These certificates are the CCISSL client certificate, CCIP12, and the Certificate Authority certificate, CCIRTARM. For the distributed side, the downloadable executables, CCIPCS32 and CCIPCS64, also found in the CAW0OPTN data set, extract CCI.PEM and CCIROOT.PEM, which are the client and CA certificates, respectively.
The setup and deployment of SSL and certificates is an involved process. For more information, see Tech Note TEC413258 titled 'CAICCI-SSL and External Security'. This Tech Note resides at the CCS web page at support.ca.com.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|