Step 1: Configuring AT-TLS
For each cloud provider that you plan to use for archiving inactive data, the root certificate authority (CA) certificate that anchors that provider's TLS server certificate must be installed in your security management software and connected to a keyring. AT-TLS uses that keyring to validate the provider's server certificate when it opens the connection.
Procedure
1. Obtain the root CA certificate for each cloud provider that you intend to use for archiving inactive data. Use either of these methods:
   - Download the root CA certificate from the certificate authority that issued the provider's server certificate (GeoTrust, DigiCert, and so on). The certificate that you install must be the root CA that anchors the provider's certificate chain, not the provider's own server certificate.
   - Alternatively, in the browser's location field, type the URL for the cloud provider, view the certificate chain that the site presents, and use the browser's certificate export feature to export the root CA certificate to a file that you can upload. You must export the root CA. Before you trust an exported certificate, compare its fingerprint with the fingerprint that the CA publishes; a certificate captured from a live connection is only as trustworthy as that connection.
2. Upload each certificate to its own variable-blocked (RECFM=VB) sequential data set on the mainframe.
   If you are uploading more than one certificate, each certificate must be uploaded to a different data set. Upload a DER-encoded (binary) certificate in binary mode; upload a Base64-encoded certificate in text mode so that it is translated to EBCDIC.
3. For each certificate, issue a command to define the certificate to your security management software. This is the RACF® command:
   RACDCERT ADD('CERT.DATASET.NAME') CERTAUTH TRUST WITHLABEL('LABELNAME')
   where:
   CERT.DATASET.NAME
   - Indicates the name of the data set into which you uploaded the certificate.
   LABELNAME
   - Indicates whatever label you want to use to help identify the certificate in RACF.
   CERTAUTH stores the certificate as a certificate-authority certificate rather than as a user certificate, and TRUST marks it as usable for validating the certificates that it issued.
4. Identify the keyring that will house all of the certificates as a single addressable entity:
   - If you choose to use an existing keyring, skip this step and go on to step 5.
   - If you choose to create a new keyring for this purpose, issue the appropriate command for your security management software. This is the RACF command:
     RACDCERT ADDRING(RINGNAME)
     where RINGNAME is the name of the keyring that you want to define to RACF. RINGNAME can be whatever name you want. The keyring is owned by the user ID that issues the command unless you add the ID(SAFID) operand; make the owner the user ID that the AT-TLS policy will name when it refers to the keyring.
5. Connect the certificates to the keyring. For each certificate, issue the appropriate command for your security management software. This is the RACF command:
   RACDCERT ID(SAFID) CONNECT(CERTAUTH LABEL('LABELNAME') RING(RINGNAME) USAGE(CERTAUTH))
   where:
   SAFID
   - Indicates the user ID that owns the keyring: the ID under which the keyring was created in step 4, or the owner of the existing keyring that you chose in step 4. A CERTAUTH certificate is not associated with a user ID, so this operand identifies the ring, not the certificate.
   LABELNAME
   - Indicates the label that was used to add the certificate to RACF.
   RINGNAME
   - If you created and added a new keyring to RACF in step 4, RINGNAME is the name of that new keyring.
   - If you chose to use an existing keyring in step 4, RINGNAME is the name of that existing keyring.
6. Issue the appropriate refresh command for your security management software. This is the RACF command:
   SETROPTS RACLIST(DIGTRING) REFRESH
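The complete sequence for one provider, as an added example that is not from the original page: a batch TSO job (IKJEFT01) that performs steps 3 through 6 for a single root CA, lists the certificate after loading it so that its issuer, validity dates and fingerprint can be checked, and lists the keyring at the end to confirm the connection. The job name, the data set name HSM.CLOUDCA1.DER, the label CLOUDPROV1 ROOT CA, the keyring name CLOUDRING and the keyring owner STCUSER are assumptions; STCUSER stands for the user ID of the address space whose connections AT-TLS will protect, which must be the same owner that the AT-TLS policy references for the keyring.

```jcl
//ADDCLDCA JOB (ACCT),'CLOUD ROOT CA',CLASS=A,MSGCLASS=X,NOTIFY=&SYSUID
//* Added example, not from the product documentation. Every name
//* below (data set, label, ring, owner) is an assumption; replace it.
//TSOBATCH EXEC PGM=IKJEFT01,DYNAMNBR=30
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  /* Step 3: define the root CA (DER, uploaded in binary mode) as   */
  /* a trusted certificate-authority certificate.                   */
  RACDCERT CERTAUTH ADD('HSM.CLOUDCA1.DER') TRUST +
     WITHLABEL('CLOUDPROV1 ROOT CA')
  /* Check what was loaded: issuer, subject, validity, fingerprint.  */
  /* Compare the fingerprint with the value the CA publishes.        */
  RACDCERT CERTAUTH LIST(LABEL('CLOUDPROV1 ROOT CA'))
  /* Step 4: create the keyring, owned by the address-space user ID  */
  /* that the AT-TLS policy will reference.                          */
  RACDCERT ID(STCUSER) ADDRING(CLOUDRING)
  /* Step 5: connect the CA certificate to that ring.                */
  RACDCERT ID(STCUSER) CONNECT(CERTAUTH LABEL('CLOUDPROV1 ROOT CA') +
     RING(CLOUDRING) USAGE(CERTAUTH))
  /* Step 6: refresh the RACLISTed classes so the change takes       */
  /* effect without restarting the address space.                    */
  SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH
  /* Verify: the ring must list the CA with usage CERTAUTH.          */
  RACDCERT ID(STCUSER) LISTRING(CLOUDRING)
/*
```

For each additional provider, repeat only the ADD and CONNECT commands with that provider's data set and label, then refresh again; all of the CA certificates share the one keyring. The comment lines are indented so that `/*` never lands in columns 1 and 2, where it would end the in-stream data. If LISTRING does not show the certificate with usage CERTAUTH, or if the listed fingerprint does not match the CA's published value, do not proceed to the AT-TLS policy until that is resolved.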