IBM Connect:Direct Access to System Resources for SSL or TLS
Before you can configure the Connect:Direct® Secure Plus records to use the SSL or TLS protocol, you must ensure that the IBM Connect:Direct components have access to the resources listed in the following table.
Component | Access to Resource |
---|---|
IBM Connect:Direct | z/OS UNIX System Services or POSIX environment, must be installed and set up for IBM Connect:Direct access. |
Access to the following APF-authorized IBM system
libraries through the STEPLIB or LINKLST:
|
|
For end-user server certificates with ICSF private
key type:
|
|
IBM Connect:Direct User ID (under which DTF runs) | Address space uses the maximum sockets (and other TCP/IP configurations) assigned by the UNIX System Services |
OMVS access | |
A default UNIX directory | |
UPDATE authority to the BPX.SERVER facility | |
READ authority to the CSFSERV facility class | |
SSL/TLS | Access to key database or key ring as follows:
|
Access to the following APF-authorized IBM system
library through the STEPLIB or LINKLST:
|
|
Permission to read IBM Connect:Direct key
ring that is created using RACDCERT, as follows:
|
|
IBM Connect:Direct User ID key database or key ring | Verification of other certificates requires access
to the trusted root certificate of either:
|
IBM Connect:Direct Secure Plus Parameter file | Your node must have a remote node record in the parameter file of each of your trading partners that will use secure connections. |