Use CA Top Secret Digital Certificates as a secure way to identify users when using OE/FTP services.
To authenticate a Mainframe FTP Server from a FTP client on the PC
TSS GENCERT(FTPS) DIGICERT(FTPSCERT)
The FTP server's certificate is generated and added to the FTP region ACID FTPS.
TSS ADD(FTPS) KEYRING(FTPSRING)
LABLRING(FTPSRING)
The FTP server's KEYRING is created.
Note: There are no blank spaces in the LABLRING.
TSS ADD(FTPS) KEYRING(FTPSRING)
RINGDATA(FTPS,FTPSCERT)
DEFAULT
USAGE(PERSONAL)
The FTP server's certificate is added to the FTP server's KEYRING.
TSS EXPORT(FTPS) DIGICERT(FTPSCERT)
DCDSN('FTPS.SERVER.CERT')
The FTP server's certificate is copied to a dataset. The dataset is automatically created and cataloged.
TSS PER(FTPS) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(UPDATE|CONTROL) TSS PER(FTPS) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE|CONTROL) TSS PER(FTPS) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE|CONTROL) TSS PER(USRA) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(UPDATE|CONTROL) TSS PER(USRA) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE|CONTROL) TSS PER(USRA) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE|CONTROL)
Use ACC(CONTROL) only if CERTSITE is the owner of the certificate.
The FTP ACID is permitted to the SSL KEYRING, certificates, and mappings.
The keyring name is established with FTP, client authentication is disabled, and FTP server authentication is activated.
For more information on activating digital certificates with FTP, see the IBM documentation.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|