Working with the Secure Sockets Layer (SSL) on z/OS

 

This chapter describes how you set up and work with the Secure Sockets Layer (SSL) on z/OS. The operations we can perform are:

• Set up a key repository

• Working with a key repository

• Obtaining personal certificates

• Adding personal certificates to a key repository

• Managing digital certificates

• Working with Certificate Name Filters (CNFs)

Each section includes examples of performing each task using RACF. We can perform similar tasks using the other external security managers.

On z/OS, also set the number of server subtasks that each queue manager uses for processing SSL calls, as described in Set the SSLTASKS parameter.

z/OS SSL support is integral to the operating system, and is known as System SSL. System SSL is part of the Cryptographic Services Base element of z/OS. The Cryptographic Services Base members are installed in the pdsname.SIEALNKE partitioned data set (PDS) (for z/OS V1.5 or older, this PDS is named pdsname.SGSKLOAD). When you install System SSL, ensure that you choose the appropriate options to provide the CipherSpecs you require.

• Set the SSLTASKS parameter
  

• Set up a key repository
  

• Working with a key repository
  

• Obtaining personal certificates
  

• Adding personal certificates to a key repository
  

• Managing digital certificates
  

• Working with Certificate Name Filters (CNFs)
  

 

Parent topic:

Working with WebSphere MQ SSL support

sy12440_