This document describes how to use RACF to generate SSL certificates for ODBC connections using AT-TLS.
Enabling SSL security is a somewhat complex process requiring configuration changes in multiple locations within your environment.
In this article we provide step-by-step guidance to perform this task using the RACF Security Manager to generate and house your certificates.
While this configuration does not include support for SSL Client Authentication, the same process can be extended to generate certificates for that functionality as well.
AT-TLS Policy Modification
SSL enablement on the mainframe is performed using Application Transparent Transport Layer Security (AT-TLS), a component of IBM's z/OS Communications Server product. AT-TLS is configured through the Policy Agent (PAGENT). PAGENT policies identify which traffic on the mainframe stack should be secured using SSL. A sample set of policy rules for securing the IDMS ODBC/JDBC Listener port is provided for your reference in the file ZM17 Pagent.conf.txt in the attached samples.zip. Tailor the contents of this file to your site-specific environment and add them to your PAGENT configuration.
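For orientation, the following is an added illustration of how AT-TLS policy statements select and secure inbound traffic to a listener port; it is not the contents of ZM17 Pagent.conf.txt. The port number 3709, the key ring name IDMSRING and all rule and action names are placeholders chosen for this example.

```conf
# Added illustration, not the vendor sample file.
# Placeholders: port 3709, key ring IDMSRING, all rule/action names.

TTLSRule                      IDMS_ODBC_Inbound
{
  LocalAddr                   ALL
  RemoteAddr                  ALL
  LocalPortRange              3709        # placeholder listener port
  Direction                   Inbound
  Priority                    255
  TTLSGroupActionRef          gAct_IDMS
  TTLSEnvironmentActionRef    eAct_IDMS_Server
}

TTLSGroupAction               gAct_IDMS
{
  TTLSEnabled                 On          # secure traffic matching the rule
}

TTLSEnvironmentAction         eAct_IDMS_Server
{
  # Server: the listener presents its certificate and does not request
  # one from the client, matching the no-client-authentication setup.
  HandshakeRole               Server
  TTLSKeyringParmsRef         kr_IDMS
  TTLSEnvironmentAdvancedParmsRef adv_IDMS
}

TTLSKeyringParms              kr_IDMS
{
  Keyring                     IDMSRING    # placeholder RACF key ring name
}

TTLSEnvironmentAdvancedParms  adv_IDMS
{
  SSLv3                       Off
  TLSv1                       Off
  TLSv1.1                     Off
  TLSv1.2                     On
}
```

The key ring named in TTLSKeyringParms must be readable by the user ID under which the listener runs.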
CA IDMS/Server, all supported releases.