Encrypted communication with Debug Manager
If the debug client uses encryption to communicate with the Remote System Explorer (RSE) daemon, by default, the client also uses encryption to communicate with the host-based Debug Manager.
The following table shows whether a debug session can be started successfully with encrypted
communication disabled or enabled for RSE and Debug Manager
| DBGMGR encrypted communication enabled | DBGMGR encrypted communication disabled | |
|---|---|---|
| RSE encrypted communication enabled | The debug session starts in secured mode.1 | Ask you to confirm unsecured connection and then proceed as normal. |
| RSE encrypted communication disabled | The debug session cannot be started. | The debug session starts in unsecured mode. |
Notes:
- By default, Debug Manager uses the same certificates as RSE.
However, Debug Manager can also be
configured to use different certificates than the RSE daemon:
- When RSE and Debug Manager use different chained certificates of the same CA root, the debug session can also start without prompts.
- In other cases, the different certificates are considered as untrusted. You need to take actions
before the debug connection can be established.
- In Debug Tool compatibility mode, when the debug session is initialized, a window appears to confirm with you whether you want to import the untrusted certificates. Imported certificates can be managed on the SSL/TLS preference page. To open the page, select .
- In standard mode, you need to add the certificates to the RSE keystore, or specify a keystore that contains the certificates on the IBM z/OS Debugger preference page. To open the page, select . For more information, see IBM z/OS Debugger preference page.