Records Settings in the z/OS Remote Node Record for OpenVMS Parameter File

The following example shows the remote node record that defines the Connect:Direct® for z/OS® node named Q1A.ZOA.V4700. The OpenVMS network map contains an adjacent (remote) node record with the exact same name.

                 Node Name:    Q1A.ZOS.V4700
                 Node type:    R
 1.               Protocol:    TLS1.0
 2.  Client Authentication:    y
 3. Authentication timeout:    100
 4.Certificate common name:    mfsscert_a
 5.  Root Certificate file:    disk$data:[qaitan.q1a]mfcert_a.txt
 6.   Key Certificate file:    disk$data:[qaitan.q1a]2048sskeycert.txt
 7.             Passphrase:    ****
 8.          Cipher suites:  EXP_RC4_MD5,RC4_MD5,RC4_SHA,EXP_RC2_CBC_MD5,IDEA_CBC_SHA,
EXP_DES_CBC_SHA,DES_CBC_SHA,DES_CBC3A

When the OpenVMS node is the server, it requests that the client authenticate itself (Client Authentication = Y) and send its certificate common name (mfsscert_a) for an extra layer of authentication. The public key information for the z/OS node is stored in the Root Certificate file named mfcert_a.txt; its location is specified (disk$data:[qaitan.qla]).

The key certificate file contains the information that identifies the OpenVMS node to other nodes (disk$data:[qaitan.q1a]2048sskeycert.txt). In order for the OpenVMS system to access its private key to send information to the other node, the passphrase must be entered as well. The z/OS node validates this key certificate information against the information stored in its GSKYYMAN database.

The cipher suites are listed in the order of preference, and the first one that matches a cipher suite defined for the other node is used to establish a session.