A certificate generated by the GENCERT command used for SSL server authentication must be exported to the client's repository. The public key must be available to decrypt the server's certificate during the SSL authentication handshake.
Client software might be PC workstation, Internet browser, AS400, Windows NT, MQSeries, FTPSSL, or QWSSSL. They also need authority to the IBMFAC.
To establish IBMFAC authority
TSS ADD(tssdept) IBMFAC(IRR)
The IBMFAC is owned.
TSS PERMIT(tssadmin1) IBMFAC(IRR.DIGTCERT.LISTRING)
ACCESS(UPDATE)
Permission is applied to the administrator.
If the administrator submits batch scripts for certificates, they must include REGION=0M in their job statement within the JCL.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|