Working with the Secure Sockets Layer (SSL) on z/OS
This chapter describes how you set up and work with the Secure Sockets Layer (SSL) on z/OS. The operations we can perform are:
- Set up a key repository
- Working with a key repository
- Obtaining personal certificates
- Adding personal certificates to a key repository
- Managing digital certificates
- Working with Certificate Name Filters (CNFs)
Each section includes examples of performing each task using RACF. We can perform similar tasks using the other external security managers.
On z/OS, also set the number of server subtasks that each queue manager uses for processing SSL calls, as described in Set the SSLTASKS parameter.
z/OS SSL support is integral to the operating system, and is known as System SSL. System SSL is part of the Cryptographic Services Base element of z/OS. The Cryptographic Services Base members are installed in the pdsname.SIEALNKE partitioned data set (PDS) (for z/OS V1.5 or older, this PDS is named pdsname.SGSKLOAD). When you install System SSL, ensure that you choose the appropriate options to provide the CipherSpecs you require.
- Set the SSLTASKS parameter
- Set up a key repository
- Working with a key repository
- Obtaining personal certificates
- Adding personal certificates to a key repository
- Managing digital certificates
- Working with Certificate Name Filters (CNFs)
Parent topic:
Working with WebSphere MQ SSL support
sy12440_