Enabling SSL on z/OS IBM Integration Bus by using AT-TLS

You can use Application Transparent Transport Layer Security (AT-TLS) to provide Secure Sockets Layer (SSL) services on behalf of IBM® Integration Bus on z/OS®. AT-TLS is part of z/OS Communication Server.

About this task

You can enable SSL by following the instructions in Implementing SSL authentication on z/OS. This topic describes an alternative method that uses AT-TLS to enable SSL without the need to complete configuration steps in IBM Integration Bus. AT-TLS provides the following benefits when using SSL/TLS protocols with IBM Integration Bus on z/OS:
  • AT-TLS uses RACF® key rings and certificates.
  • The Policy Agent (PAGENT) manages the rules and policies that define how SSL is used to connect to IBM Integration Bus.
  • PAGENT can distribute the rules and policies in a z/OS SYSPLEX environment.
  • The IBM Integration Bus administrator does not have to set any IBM Integration Bus properties for SSL.
  • HTTP or SOAP nodes in message flows can have standard HTTP settings (no SSL/HTTPS).

To configure AT-TLS in your z/OS environment for IBM Integration Bus , complete the following steps:

Procedure

  1. Create a RACF key ring by following the instructions in Creating a RACF key ring.
  2. Configure and activate PAGENT by following the instructions in Configuring and activating the policy agent (PAGENT).
  3. Define and install AT-TLS policies for IBM Integration Bus by following the instructions in Defining and installing AT-TLS policies.