About this task
Before using the TLS or SSL
protocol, you must set up
IBM® Connect:Direct® to
use certificates.
To
set up IBM Connect:Direct to
use certificates:
Procedure
- Ensure that the local IBM Connect:Direct node
to be configured for the TLS or SSL protocol has either a key ring
or a key database on the z/OS® image
that contains its certificate.
- Record the following information on your local node record
worksheet for use when you configure the local node record in the IBM Connect:Direct Secure Plus parameter
file:
- Name of the key ring or full file name of the key database
- Label of the certificate in your key ring or key database
- Password used when the key database was created
Note: Key rings do not use passwords.
Note: A certificate can be designated as the default certificate in the key ring or key database.
The Secure parameter file definition can specify the use of the default certificate.
- If you are using a key database, issue the UNIX command chmod 666 to ensure that IBM Connect:Direct has
permission to read from and write to the key database.
Note: Write permission is not a requirement for normal functionality of IBM Connect:Direct Secure Plus. However, remote
management of Secure Plus through IBM Control Center may require write permissions to insert and
update certificates in the key database.