Configuring secure communications from CICS TG client applications to Z APM Connect Distributed Gateway on Linux
After you set up secure communications from CICS Transaction Gateway (CICS TG) on z/OS to Z APM Connect Distributed Gateway (Z APM Connect DG), set up secure communications from CICS TG client applications on the distributed platform to Z APM Connect DG.
On the machine that runs CICS TG, ensure that your LPAR has been set up with necessary keystores to communicate with Z APM Connect DG. For more information, see Configuring secure communications between z/OS components and Z APM Connect Distributed Gateway Linux machine.
Locate the zos.keystore.jks and zos.truststore.jks files.
On the machine running your client application, move zos.keystore.jks and zos.truststore.jks to the directory specified by the system property AGM.CONF.LOCATION.
To configure mutual authentication, move both zos.keystore.jks and zos.truststore.jks.
To configure client authentication, move only zos.keystore.jks if you enabled security on your Kafka server when running configureZosTls.sh.
To configure server authentication, move only zos.truststore.jks if you want your client application to authenticate your Kafka server.
Define system properties to your client machine JVM.
If you move both .jks files, define the following system properties:
agm.ssl.key.password
agm.ssl.client.auth=on
agm.ssl.keystore.password
agm.ssl.server.auth=on
agm.ssl.truststore.password
If you move only zos.keystore.jks, define the following system properties:
agm.ssl.key.password
agm.ssl.client.auth=on
agm.ssl.keystore.password
If you move zos.truststore.jks to the machine that runs your client application, define the following system properties:
agm.ssl.key.password
agm.ssl.server.auth=on
agm.ssl.truststore.password
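The mapping in the steps above, from the .jks files present to the system properties to define, as an added shell example that is not part of the product documentation. It assumes the properties are passed to the JVM as -D options and that the passwords are supplied in the hypothetical environment variables AGM_KEY_PW, AGM_KEYSTORE_PW and AGM_TRUSTSTORE_PW.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumptions (hypothetical names): passwords are supplied in the environment
# variables AGM_KEY_PW, AGM_KEYSTORE_PW and AGM_TRUSTSTORE_PW, and the
# properties are handed to the JVM as -D options.

# Print mutual, client, server or none for the .jks files found in directory $1.
agm_tls_mode() {
    ks=0; ts=0
    if [ -f "$1/zos.keystore.jks" ]; then ks=1; fi
    if [ -f "$1/zos.truststore.jks" ]; then ts=1; fi
    case "$ks$ts" in
        11) echo mutual ;;
        10) echo client ;;
        01) echo server ;;
        *)  echo none ;;
    esac
}

# Print one -D option per line for directory $1; return 1 if the set is incomplete.
agm_jvm_opts() {
    mode=$(agm_tls_mode "$1")
    case "$mode" in
        mutual) need="AGM_KEY_PW AGM_KEYSTORE_PW AGM_TRUSTSTORE_PW" ;;
        client) need="AGM_KEY_PW AGM_KEYSTORE_PW" ;;
        server) need="AGM_KEY_PW AGM_TRUSTSTORE_PW" ;;
        *) echo "no zos.keystore.jks or zos.truststore.jks in $1" >&2; return 1 ;;
    esac
    # Refuse to emit a partial set: every password the mode needs must be present.
    for v in $need; do
        eval "val=\${$v:-}"
        if [ -z "$val" ]; then echo "$v is not set" >&2; return 1; fi
    done
    echo "-Dagm.ssl.key.password=$AGM_KEY_PW"
    if [ "$mode" != server ]; then
        echo "-Dagm.ssl.client.auth=on"
        echo "-Dagm.ssl.keystore.password=$AGM_KEYSTORE_PW"
    fi
    if [ "$mode" != client ]; then
        echo "-Dagm.ssl.server.auth=on"
        echo "-Dagm.ssl.truststore.password=$AGM_TRUSTSTORE_PW"
    fi
}
```

Call agm_jvm_opts with the AGM.CONF.LOCATION directory and add the printed options to the java command that starts the client application. Options given on the java command line appear in the local process listing, so limit who can log in to the client machine.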