TTLSKeyringParms statement

Use the TTLSKeyringParms statement to define a set of key ring parameters for an AT-TLS environment action. A TTLSKeyringParms statement can be specified inline in a TTLSEnvironmentAction statement or referenced by a TTLSEnvironmentAction statement.

Syntax

TTLSKeyringParms name
{
  TTLSKeyringParms Parameters
}

Rule: Put braces and parameters on separate lines.

TTLSKeyringParms Parameters:

  Keyring value
  KeyringPw value
  KeyringStashFile value

Parameters

name
A string 1 - 32 characters in length specifying the name of this TTLSKeyringParms statement.

Rule: If this TTLSKeyringParms statement is not specified inline within another statement, a name value must be provided. If a name is not specified for an inline TTLSKeyringParms statement, a nonpersistent system name is created.

To specify a SAF key ring, use the Keyring parameter.
Keyring
Specifies the name of the SAF key ring in the format userID/keyring. The userID is the z/OS® user ID that owns the keyring. If userID is not specified, then AT-TLS will use the z/OS userID that invoked the sockets API call that caused AT-TLS to process the TLS handshake. For System SSL, the GSK_KEYRING_FILE value is set to the value specified. Valid values are 1 - 1023 characters in length.
Tips:
  • If the owner of the keyring is always the same, then the userID should be coded on the Keyring parameter.
  • If connections belonging to different user IDs will be protected by an AT-TLS rule using the Keyring parameter, the userID should be omitted from the Keyring parameter and each affected user must have their own keyring with the specified name.
To specify a z/OS PKCS #11 token name, use the Keyring parameter.
Keyring
Specifies the path name of the z/OS PKCS #11 token as *TOKEN*/token-name. *TOKEN* indicates that the specified key ring is actually a token name. The token-name is limited to 32 characters in length. See z/OS Cryptographic Services ICSF Writing PKCS #11 Applications for more information on PKCS #11 tokens. For System SSL, the GSK_KEYRING_FILE value is set to the value specified.
To specify a z/OS UNIX key database, use the Keyring parameter, along with either the KeyringPw or KeyringStashFile parameter.
Keyring
Specifies the path and file name of the key database z/OS UNIX file. A KeyringPw or KeyringStashFile must also be specified. For System SSL, the GSK_KEYRING_FILE value is set to the value specified. Valid values are 1 - 1023 characters in length.
KeyringPw
Specifies the password for the key database. For System SSL, GSK_KEYRING_PW is set to this value. Valid values are in the range 1 - 128 characters in length.
KeyringStashFile
Specifies the path and file name of the key database password stash file. For System SSL, GSK_KEYRING_STASH_FILE is set to this value. Valid values are in the range 1 - 1023 characters in length.

If both a KeyringPw value and a KeyringStashFile value are specified, System SSL will use the KeyringPw value.
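
The rules on this page can be checked before a policy file is installed. The Python below is an added example, not IBM code: it parses named TTLSKeyringParms statements and reports length-limit violations, a key database with no password source, and statements where KeyringPw takes precedence over KeyringStashFile. The sample policy text, the function name check_keyring_parms, and the rule that a Keyring value starting with "/" is a key database path are assumptions made for the example.

```python
import re

# Constructed sample policy text: names, paths and the password are made up.
SAMPLE = """\
TTLSKeyringParms saf_ring
{
  Keyring TCPUSER/ServerRing
}
TTLSKeyringParms kdb_both
{
  Keyring /etc/tls/server.kdb
  KeyringPw example-password
  KeyringStashFile /etc/tls/server.sth
}
TTLSKeyringParms kdb_bare
{
  Keyring /etc/tls/other.kdb
}
"""

STMT = re.compile(r"TTLSKeyringParms[ \t]+([^\s{]+)\s*\{(.*?)\}", re.S)
PARAM = re.compile(r"^[ \t]*(\w+)[ \t]+(\S.*?)[ \t]*$", re.M)
MAX_LEN = {"Keyring": 1023, "KeyringPw": 128, "KeyringStashFile": 1023}

def check_keyring_parms(policy_text):
    """Map each named TTLSKeyringParms statement to a list of findings."""
    report = {}
    for name, body in STMT.findall(policy_text):
        params = dict(PARAM.findall(body))
        found = ["name longer than 32 characters"] if len(name) > 32 else []
        for key, limit in MAX_LEN.items():
            if key in params and not 1 <= len(params[key]) <= limit:
                found.append(f"{key} length outside 1 - {limit}")
        ring = params.get("Keyring", "")
        has_pw, has_stash = "KeyringPw" in params, "KeyringStashFile" in params
        if ring.startswith("*TOKEN*/") and len(ring[len("*TOKEN*/"):]) > 32:
            found.append("token-name longer than 32 characters")
        # Assumption: a value starting with "/" is a z/OS UNIX key database path.
        elif ring.startswith("/") and not (has_pw or has_stash):
            found.append("key database needs KeyringPw or KeyringStashFile")
        if has_pw and has_stash:
            found.append("both set: System SSL uses KeyringPw")
        if has_pw:
            found.append("KeyringPw puts the password in the policy text")
        report[name] = found
    return report

if __name__ == "__main__":
    print(check_keyring_parms(SAMPLE))
```

Inline statements without a name and TTLSKeyringParmsRef references are not matched by this check.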