Preparing for secure Internet delivery

z/OS product and service offerings can be downloaded directly from IBM's servers to your z/OS system. SMP/E provides capabilities to perform these download operations using the RECEIVE command and the GIMGTPKG service routine. SMP/E supports secure and encrypted download operations using FTPS (FTP over SSL/TLS) and HTTPS (HTTP over SSL). However, using either of these download methods requires preparation and one-time setup.
Note: Support for HTTP and HTTPS downloads is added to SMP/E V3.5 and V3.6 with APAR IO20858, and additional fixes to support changes to IBM's secure delivery servers are added to SMP/E V3.5 and V3.6 with APAR IO22326.
This topic provides an overview of using SMP/E for secure internet download operations, in particular from IBM's secure delivery servers, and the one-time steps you need to take to prepare.
  • SSL overview
  • Enable certificate authority certificates
  • Define CLIENT input for RECEIVE and GIMGTPKG

HTTPS Fast Path!

The quick and easy method to enable secure download operations is to instruct the SMP/E RECEIVE command and GIMGTPKG service routine to use the HTTPS download method and certificate authority (CA) certificates managed by the default z/OS Java truststore. To do so, simply specify the SMP/E <CLIENT> tag with the following attributes:
If you want to understand the background and details of the above attributes, or if you want to explore other options such as FTPS or using CA certificates stored in your z/OS security manager database, then read on. Otherwise, you can skip the rest of this topic.