Setting Up IBM Connect:Direct to Use Certificates

About this task

Before using the TLS or SSL protocol, you must set up IBM® Connect:Direct® to use certificates.
Note: When System SSL is in FIPS mode, there might be additional requirements. See z/OS V1R11.0 Cryptographic Services System Sockets Layer Programming, SC24-5901-08.

To set up IBM Connect:Direct to use certificates:

Procedure

  1. Ensure that the local IBM Connect:Direct node to be configured for the TLS or SSL protocol has either a key ring or a key database on the z/OS® image that contains its certificate.
  2. Record the following information on your local node record worksheet for use when you configure the local node record in the IBM Connect:Direct Secure Plus parameter file:
    • Name of the key ring or full file name of the key database
    • Label of the certificate in your key ring or key database
    • Password used when the key database was created
    Note: Key rings do not use passwords.
    Note: A certificate can be designated as the default certificate in the key ring or key database. The Secure Plus parameter file definition can specify the use of the default certificate.
  3. If you are using a key database, issue the UNIX command chmod 666 to ensure that IBM Connect:Direct has permission to read from and write to the key database.
    Note: Write permission is not a requirement for normal functionality of IBM Connect:Direct Secure Plus. However, remote management of Secure Plus through IBM Control Center may require write permissions to insert and update certificates in the key database.
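
After step 3, you can confirm which user classes actually hold read or write access to the key database file. The following POSIX shell check is an added example, not part of the IBM documentation; the function names are hypothetical and the key database path is passed as an argument.

```shell
#!/bin/sh
# Added example: report the access that the permission bits on a key database
# file grant to each user class. Function names are hypothetical.

# Print the 9-character permission string of a file, for example "rw-rw-rw-".
# ls -ld is parsed because stat options differ between UNIX flavours.
kdb_perm_string() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 2, 9) }'
}

# kdb_check FILE CLASS NEED
#   CLASS: owner | group | other      NEED: read | readwrite
# Returns 0 if the class has the access, 1 if it does not, 2 on a usage error.
kdb_check() {
    perms=$(kdb_perm_string "$1")
    [ -n "$perms" ] || { echo "error: cannot list $1" >&2; return 2; }
    case $2 in
        owner) start=1 ;;
        group) start=4 ;;
        other) start=7 ;;
        *) echo "error: class must be owner, group or other" >&2; return 2 ;;
    esac
    triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
    case $3 in
        read)      case $triplet in r??) return 0 ;; esac ;;
        readwrite) case $triplet in rw?) return 0 ;; esac ;;
        *) echo "error: need must be read or readwrite" >&2; return 2 ;;
    esac
    return 1
}

# Print one line per class. Read access covers normal Secure Plus operation;
# read+write is what remote certificate management may require.
kdb_report() {
    [ -e "$1" ] || { echo "error: $1 not found" >&2; return 2; }
    for class in owner group other; do
        if kdb_check "$1" "$class" readwrite; then echo "$class: read+write"
        elif kdb_check "$1" "$class" read; then echo "$class: read-only"
        else echo "$class: no read access"
        fi
    done
}

# Stand-alone use: sh kdb_check.sh <path-to-key-database>
if [ $# -gt 0 ]; then kdb_report "$1"; fi
```

With mode 666, every class reports read+write, so any user on the z/OS UNIX system can read and modify the file that holds the node's certificate and key.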