How can a SSL certificate from a distributed environment be used to login to mainframe? Is their any encryption card or any hardware required?

Document ID : KB000013700
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

How can a SSL certificate from a distributed environment be used to login to mainframe?
Is their any encryption card or any hardware required?

Answer:

Users can be identified and authenticated by means of a digital certificate presented to a z/OS server application that uses System SSL or TCP/IP Application Transparent TLS (AT-TLS) or a z/OS LDAP Server and then mapped to an ACF2 logonid. 

The following applications support client authentication via digital certificates when using SSL/TLS sessions: 

- FTP
- TN3270, using the Express Logon Feature (ELF) and the Digital Certificate Application Server (DCAS)
- HTTP server 

An encryption card or any other hardware is not required on the z/OS side.