AT-TLS configuration for use with Db2 Data Gate

Db2 Data Gate uses the z/OS® distributed data facility (DDF). Network connections to the DDF must be encrypted using the secure socket layer (SSL) encryption standard. These encrypted connections are not processed by Db2 Data Gate, but by a TCP/IP component of the z/OS operating system, which is called AT-TLS.

To use AT-TLS, the following prerequisites must be met:

  • The IBM® Encryption Facility for z/OS (ISCF) must be installed.
  • Transparent Transport Layer Security (TTLS) must be set as the standard to be used in the configuration statement of your TCPCONFIG data set (at the highest level).
  • The policy agent (PAGENT) must be started.
  • A server certificate is required. This certificate must be added to a dedicated RACF® key ring.

The instructions in the following sections presuppose that ISCF, TCP/IP, and the policy agent are already set up and running.