This document describes how to use RACF to generate SSL certificates for ODBC connections using AT-TLS.
Enabling SSL security is a somewhat complex process requiring configuration changes in multiple locations within your environment.
In this article we provide step-by-step guidance to perform this task using the RACF Security Manager to generate and house your Certificates.
AT-TLS Policy Modification
SSL enablement on the mainframe is performed using Application Transparent, Transport Layer Security, or AT-TLS. AT-TLS is a component of the IBM TCP/IP stack. It is configured using what's called the "Policy Agent", or PAGENT. PAGENT policies identify which traffic on the mainframe stack should be secured using SSL. A sample set of 'Policy Rules' used for the securing of the IDMS ODBC/JDBC Listener port has been provided for your reference, under file name ZM17 Pagent.conf.txt in the attached file samples.zip. The contents of this file should be tailored to your site-specific environment and added to your PAGENT configuration.
CA IDMS/Server, all supported releases.