Additional Configuration Options

You can configure special-purpose remote node records to perform the following functions:

• Validate certificates using Sterling External Authentication Server (TLS and SSL)
• Block nonsecure TCP API connections (TLS and SSL)
• Secure passwords at rest within the Sterling Connect:Direct® TCQ and AUTH files (all protocols)

With the SSL and TLS protocols, you can validate certificates using the Sterling External Authentication Server application. To use Sterling External Authentication Server, configure your application to connect to the host name and port where the Sterling External Authentication Server application (.EASERVER) resides. Specify a certificate validation definition. For configuration instructions, see Adding a Remote Node Record for the Sterling External Authentication Server.

Use only secure TCP API connections to connect to a Sterling Connect:Direct for z/OS® server. To block nonsecure TCP API connections, define a .CLIENT remote node record, disable override, and identify SSL or TLS as the protocol to use for secure TCP API connections. For configuration instructions, see Establishing Secure TCP API Connections to a Sterling Connect:Direct Secure Plus-Enabled Server.

In Sterling Connect:Direct, passwords can be used in Sterling Connect:Direct when Processes are submitted, during API signons. and when the AUTH file is maintained. You can use Strong Password Encryption SPE) to secure passwords at rest within the Sterling Connect:Direct TCQ and AUTH files. See Implementing Strong Password Encryption.