TTLSKeyringParms statement
Use the TTLSKeyringParms statement to define a set of key ring parameters for an AT-TLS environment action. A TTLSKeyringParms statement can be specified inline in a TTLSEnvironmentAction statement or referenced by a TTLSEnvironmentAction statement.
Syntax
Parameters
- name
- A string 1 - 32 characters in length specifying the name of this TTLSKeyringParms statement.
Rule: If this TTLSKeyringParms statement is not specified inline within another statement, a name value must be provided. If a name is not specified for an inline TTLSKeyringParms statement, a nonpersistent system name is created.
To specify a SAF key ring use the Keyring parameter.
- Keyring
- Specifies the name of the SAF key ring in the format userID/keyring. The userID is the z/OS® user ID that owns the keyring. If userID is not specified, then AT-TLS will use the z/OS userID that invoked the sockets API call that caused AT-TLS to process the TLS handshake. For System SSL, the GSK_KEYRING_FILE value is set to the value specified. Valid values are 1 - 1023 characters in length.
Tips:
- If the owner of the keyring is always the same, then the userID should be coded on the Keyring parameter.
- If connections belonging to different user IDs will be protected by an AT-TLS rule using the Keyring parameter, the userID should be omitted from the Keyring parameter and each affected user must have their own keyring with the specified name.
To specify a z/OS PKCS #11 token name use the Keyring parameter.
- Keyring
- Specifies the path name of the z/OS PKCS #11 token as *TOKEN*/token-name. *TOKEN* indicates that the specified key ring is actually a token name. The token-name is limited to 32 characters in length. See z/OS Cryptographic Services ICSF Writing PKCS #11 Applications for more information on PKCS #11 tokens. For System SSL, the GSK_KEYRING_FILE value is set to the value specified.
To specify a z/OS UNIX key database use the Keyring parameter, along with either the KeyringPw or KeyringStashFile parameter.
- Keyring
- Specifies the path and file name of the key database z/OS UNIX file. A KeyringPw or KeyringStashFile must also be specified. For System SSL, the GSK_KEYRING_FILE value is set to the value specified. Valid values are 1 - 1023 characters in length.
- KeyringPw
- Specifies the password for the key database. For System SSL, GSK_KEYRING_PW is set to this value. Valid values are in the range 1 - 128 characters in length.
- KeyringStashFile
- Specifies the path and file name of the key database password stash file. For System SSL, GSK_KEYRING_STASH_FILE is set to this value. Valid values are in the range 1 - 1023 characters in length.
If both a KeyringPw value and a KeyringStashFile value are specified, System SSL will use the KeyringPw value.
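The following policy check is an added example, not part of the original documentation or of any IBM tooling. It classifies a TTLSKeyringParms statement as a SAF key ring, PKCS #11 token, or z/OS UNIX key database and reports the length limits and precedence rule described above. It assumes the block layout `TTLSKeyringParms name { Parameter value }`; the function names, the classification by presence of KeyringPw/KeyringStashFile, the path heuristic, and the sample statement are assumptions constructed for illustration.

```python
import re

# Length limits as stated in the parameter descriptions on this page.
LIMITS = {"Keyring": 1023, "KeyringPw": 128, "KeyringStashFile": 1023}
TOKEN_PREFIX = "*TOKEN*/"

def parse_keyring_parms(text):
    """Parse a single 'TTLSKeyringParms [name] { Parameter value ... }' block."""
    m = re.search(r"TTLSKeyringParms\s*([^\s{]*)\s*\{(.*)\}", text, re.S)
    if not m:
        raise ValueError("no TTLSKeyringParms block found")
    parms = {}
    for line in m.group(2).splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            parms[parts[0]] = parts[1].strip()
    return m.group(1), parms

def check_keyring_parms(text, inline=False):
    """Return (kind, findings) for one statement; kind names the key store type."""
    name, p = parse_keyring_parms(text)
    findings = []
    if not name and not inline:
        findings.append("name is required when the statement is not inline")
    if len(name) > 32:
        findings.append("name exceeds 32 characters")
    for key, limit in LIMITS.items():
        if key in p and len(p[key]) > limit:
            findings.append(f"{key} exceeds {limit} characters")
    ring = p.get("Keyring", "")
    has_pw, has_stash = "KeyringPw" in p, "KeyringStashFile" in p
    if ring.startswith(TOKEN_PREFIX):
        kind = "pkcs11-token"
        if len(ring[len(TOKEN_PREFIX):]) > 32:
            findings.append("token-name exceeds 32 characters")
    elif has_pw or has_stash:
        kind = "unix-key-database"
        if has_pw and has_stash:
            findings.append("KeyringPw and KeyringStashFile both set: System SSL uses KeyringPw")
    else:
        kind = "saf-key-ring"
        if ring.startswith("/"):  # heuristic (assumption): looks like a z/OS UNIX path
            findings.append("path-like Keyring without KeyringPw or KeyringStashFile")
        elif "/" not in ring:
            findings.append("no userID: ring is looked up under the user ID that invoked the sockets API call")
    return kind, findings

# Constructed sample statement (not from the page).
SAMPLE = """TTLSKeyringParms dbRing
{
  Keyring           /etc/tls/server.kdb
  KeyringPw         example-only
  KeyringStashFile  /etc/tls/server.sth
}"""
```

Running `check_keyring_parms(SAMPLE)` classifies the statement as a key database and reports that the stash file is ignored in favor of the inline password.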