IBM Redbooks and IBM Systems Worldwide Client Experience Centers are teaming up to bring your a series of technical enablement papers. These papers present step-by-step prescriptive instructions for completing a specific task based upon our extensive expertise. We're kicking things off with an IBM Redpaper describing how to enable TLS security with IBM Personal Communications (better known as PCOMM). You can read the Redpaper here: IBM Personal Communications and IBM z/OS TTLS Enablement.
Here are five things to know:
1. You can TLS-enable your PCOMM session by enabling Tunneled Transportation Layer Security
In our Redpaper we describe introducing Transport Layer Security to z/OS so IBM Personal Communications (PCOMM) uses TLS security. To do this we enable Tunneled Transport Layer Security (TTLS) on your IBM z/OS for use with a PCOMM TN3270 connection. When you complete this task, you require a certificate to access your TN3270 PCOMM session.
2. Be careful not to lose access to z/OS via PCOMM
Enabling PCOMM TTLS introduces the possibility that you lose access to your z/OS via PCOMM. Make sure that you have an alternative method to back out any change that you make. The Redpaper describes a couple of options.
3. The configuration is a seven-step process
In the Redpaper you'll see the seven steps are: 1) install and configure PAGENT; 2) create a key ring and certificate; 3) modify TCPIP; 4) modify TN3270; 5) verify TLS PCOMM port; 6) turn off non-TLS PCOMM port; and 7) verify TLS-enabled PCOMM.
4. No valid certification, no entry
A TLS-secured port means access to PCOMM will be denied without a valid certificate from the Certificate Management application. You can verify this by temporarily removing this certificate and trying to access PCOMM - if all went well your access will be denied.
5. We're here to help
The IBM Redpaper IBM Personal Communications and IBM z/OS TTLS Enablement contains 30+ pages of instructions, screenshots, and commands to guide you through the process. Let us know how you do.