I will also note that z/OSMF provides a Configuration Assistant that can help set up AT/TLS, which might be easier for first-time exploiters of TLS.
Ant. -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Timothy Sipples Sent: Friday, 16 June 2017 2:01 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: changing batch job to use SSL Andrew, The mechanics are pretty basic, at least conceptually. AT-TLS (in Communications Server for z/OS) supports both TLS/SSL server certificate authentication and TLS/SSL client certificate authentication. The Policy Agent configuration is what decides which authentication(s) apply. If you'd like an introduction to how this all works, this one is fairly good, although it's slightly dated (written/recorded about 6 years ago): https://www.ibm.com/support/docview.wss?uid=swg27028558 As a reminder, IPsec is another potential option. It depends on what you're trying to accomplish, but both approaches have their roles. -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
