How do we specify KEYRING name in a batch FTP job?

Document ID : KB000094292
Last Modified Date : 03/05/2018
Show Technical Document Details
Question:
How do we specify KEYRING name in a batch FTP job? Does the keyring name need to be associated with a user or a group of users? 
Answer:
Use the KEYRING statement to define the key ring that contains the certificate to be used during the TLS handshake.

Server
Specifies the key ring database on the server's system.

Client
Specifies the key ring database on the client's system.

Syntax
>>-+---------------------------------+-------------------------><
   '-KEYRING--+-keyringname--------+-'   
              '-userid/keyringname-'     

Parameters
userid/keyringname

Allows multiple FTP users to share one key ring owned by another user. The keyringname value is the SAF key ring created by using the RACF® ADDRING function.

Restrictions:

- The userid value must be the user that actually owns the key ring.
- All users must have READ and UPDATE access to the IRR.DIGTCERT.LISTRING 
  resource in the FACILITY class when using an SAF key ring owned by another 
  user.

For example:

KEYRING / FTPS.RING LAST CHANGED BY ABCDEFG ON 05/02/18-12:24
DEFAULT() RINGNAME(FTPkeyring)
The following certificates are connected to this key ring:
CERTDATA record   Label                            Usage
----------------- -------------------------------- --------
CERTAUTH.CERTINT1 certauth.certint1                CERTAUTH
CERTAUTH.CERTINT2 certauth.certint2                CERTAUTH
CERTAUTH.CERTROOT certauth.certroot                CERTAUTH


The "Keyring" statement for the above Keyring would be:

KEYRING FTPS/FTPkeyring