To enable the NSSD to process received hash and URL certificate
encoding, perform the following steps:
- Ensure that HTTP traffic is not impeded by IP filter rules.
Tip: If IP filtering is enabled on the system where the network
security server is running, ensure that the correct filter rules are
in place to allow communication with the HTTP servers that are identified
on a CertificateURL or CertificateBundleURL, as well as any HTTP servers
used by the remote security endpoint of the network security client.
This communication typically uses the TCP protocol with an ephemeral
source port and a destination port of 80.
- Use the URLCacheInterval parameter on the IPSecDisciplineConfig
statement in the NSSD configuration file to determine the maximum
amount of time that URL data is cached before being re-fetched from
an HTTP server. For more details about the URLCacheInterval parameter,
see z/OS Communications Server: IP Configuration
Reference.