Requirements and checklist

You need the assistance of a TCP/IP and security administrator to complete this customization task, which requires the following resources and special customization tasks:

  • PROFILE.TCPIP update
  • PROCLIB update
  • Security software updates
The following list is an overview of the actions that are required to complete the basic setup of AT-TLS and enable usage for communication with the z/OS® Explorer server:
  1. Control server port usage in rse.env
  2. Enforce encrypted communication in
  3. Setting up syslogd
  4. AT-TLS configuration in PROFILE.TCPIP
  5. Policy Agent started task
  6. Policy Agent configuration
  7. AT-TLS policy
  8. AT-TLS security updates
  9. AT-TLS policy activation
Throughout this chapter, a uniform naming convention is used:
  • RSE daemon port: 4035
  • RSE server port range: 8108 through 8117 (10 ports)
  • RSED started task user ID: STCRSE
  • Policy Agent user ID: PAGENTD
  • Policy Agent started task: PAGENT
  • Host IP address:
  • RSED daemon certificate alias: FEK.cert
  • RSED daemon certificate storage: FEK.keyring

Some tasks described in the following sections expect you to be active in z/OS UNIX. This can be done by issuing the TSO command OMVS. Use the oedit command to edit files in z/OS UNIX. Use the exit command to return to TSO.