Andrew, The mechanics are pretty basic, at least conceptually. AT-TLS (in Communications Server for z/OS) supports both TLS/SSL server certificate authentication and TLS/SSL client certificate authentication. The Policy Agent configuration is what decides which authentication(s) apply.
If you'd like an introduction to how this all works, this one is fairly good, although it's slightly dated (written/recorded about 6 years ago): https://www.ibm.com/support/docview.wss?uid=swg27028558 As a reminder, IPsec is another potential option. It depends on what you're trying to accomplish, but both approaches have their roles. -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
