IBM Support

Using a virtual key ring for the FTP client with Transport Layer Security

Question & Answer


Question

Can I use a virtual key ring to secure FTP client connections with Transport Layer Security (TLS)?

Answer

You can use a virtual key ring if the FTP server does not require client authentication.

The virtual key ring will allow the FTP client to validate the FTP server certificate.

Because the FTP client does not need its own certificate and private key, you can use a CERTAUTH virtual key ring. The CERTAUTH virtual key ring contains all certificates that have been added to RACF as CERTAUTH. To use this CERTAUTH virtual key ring, code *AUTH*/* as the name of the key ring.

If TLSMECHANISM FTP is coded in the FTP.DATA file, the KEYRING statement in FTP.DATA should be coded as

    KEYRING *AUTH*/*

If TLSMECHANISM ATTLS is coded in the FTP.DATA file, the Keyring parameter of the TTLSKeyringParms statement should be coded as

    TTLSKeyringParms
    {
      Keyring *AUTH*/*
    }

A key ring owned by the user of the FTP client does not need to be created when you use the virtual key ring.
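
The following is an added example, not IBM code: a small Python audit helper that reads an FTP.DATA file and, for TLSMECHANISM ATTLS, an AT-TLS policy file, and reports where the key ring is coded and whether it is the CERTAUTH virtual key ring. It assumes `;` starts a comment in FTP.DATA and `#` starts one in the policy file; the function names, sample text, and the `FTPUSER/ClientRing` ring are hypothetical.

```python
import re

CERTAUTH_VIRTUAL_RING = "*AUTH*/*"  # key ring name given on the page

def ftp_data_statements(text):
    """Map KEYWORD -> value for FTP.DATA text (assumes ';' starts a comment)."""
    found = {}
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if len(tokens) >= 2:
            found[tokens[0].upper()] = tokens[1]
    return found

def ttls_keyrings(policy):
    """Keyring values inside TTLSKeyringParms blocks (assumes '#' comments)."""
    policy = re.sub(r"#.*", "", policy)
    rings = []
    for body in re.findall(r"TTLSKeyringParms\b[^{]*\{([^}]*)\}", policy, re.I):
        rings += re.findall(r"^\s*Keyring\s+(\S+)", body, re.I | re.M)
    return rings

def effective_keyrings(ftp_data, policy=""):
    """Return (place the key ring is coded, [key ring names]) per TLSMECHANISM."""
    stmts = ftp_data_statements(ftp_data)
    mechanism = stmts.get("TLSMECHANISM", "").upper()
    if mechanism == "FTP":
        ring = stmts.get("KEYRING")
        return "FTP.DATA", ([ring] if ring else [])
    if mechanism == "ATTLS":
        # Under ATTLS the page puts the key ring in the policy, so read it there.
        return "AT-TLS policy", ttls_keyrings(policy)
    return "TLSMECHANISM not FTP or ATTLS", []

def uses_certauth_virtual_ring(ftp_data, policy=""):
    """True when the configured key ring is the CERTAUTH virtual key ring."""
    return CERTAUTH_VIRTUAL_RING in effective_keyrings(ftp_data, policy)[1]

# Constructed samples, not taken from a real system.
SAMPLE_FTP = "TLSMECHANISM FTP\nKEYRING *AUTH*/*   ; CERTAUTH virtual ring\n"
SAMPLE_ATTLS = "TLSMECHANISM ATTLS\n"
SAMPLE_POLICY = "# client rule\nTTLSKeyringParms\n{\n  Keyring *AUTH*/*\n}\n"
SAMPLE_REAL_RING = "TLSMECHANISM FTP\nKEYRING FTPUSER/ClientRing\n"

if __name__ == "__main__":
    print(effective_keyrings(SAMPLE_FTP))
    print(effective_keyrings(SAMPLE_ATTLS, SAMPLE_POLICY))
    print(uses_certauth_virtual_ring(SAMPLE_REAL_RING))
```

Because the CERTAUTH virtual key ring holds every certificate added to RACF as CERTAUTH, a report like this shows which client configurations depend on that whole set when validating the FTP server certificate.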

Product: z/OS Communications Server
Component: All
Platform: z/OS
Version: 1.9; 1.10; 1.11; 1.12; 1.13; 2.1; 2.2

Document Information

Modified date: 15 June 2018

UID: swg21454742