For Control-D/File Transfer Option (FTO), Control-D/Agent provides a DEMO certificate signed by the DEMO CA of Control D . The Control-D for z/OS is also signed by the same DEMO CA.
For SSL setup for Control-D/WebAccess Server, ensure that you have already obtained the keys and certificates using the BYO method.
Note: The sample certificates are for demonstration purposes only and must not be used in a production environment.
To enable SSL on Control-D/Agent file transfer server:
To enable SSL on Control-D/Agent file transfer client:
The -ssl command line parameter should be added to the command line to communicate with the host using SSL.
bmc-ctd-sftclient -h=host -p=port -u -f=input_file -d=output -ssl
The Control-D file transfer client can send files to Control-D on z/OS via IOAGATE when IOAGATE is configured for Control-D/File Transfer Option support.
To set up Control-D/File Transfer Option or Control-D/WebAccess Server in IOAGATE for SSL:
SSL=YES,
KEYRING=<IOAGATE's keyring>,
KEYRLAB=<IOAGATE's certificate label>,
CLIAUTH=NO | YES,
SSL=YES,
KEYRING=IOAGATERING,
KEYRLAB=IOAGATEF,
CLIAUTH=NO,
This step is needed because RACSCERT must be provided with the demo certificates in a sequential VB file, with trailing blanks removed.
Assume that these files will be called IOAQ.Q71MN.CERTCAF.DEMO and IOAQ.Q71MN.CERTGATF.DEMO.
//Q53CER JOB ,OR,CLASS=A,MSGCLASS=X,REGION=0M,NOTIFY=&SYSUID
//*
//*
// JCLLIB ORDER=IOAQ.Q71MN.PROCLIB
// INCLUDE MEMBER=IOASET
//COPY1 EXEC PGM=SORT
//SYSOUT DD SYSOUT=*
//SORTIN DD DSN=IOAQ.Q71MN.SAMPLE(CERTCAF),DISP=SHR
//VBOUT DD DSN=IOAQ.Q71MN.CERTCAF.DEMO,
// DISP=(NEW,CATLG,DELETE),
// SPACE=(TRK,(1,1),RLSE),
// VOL=SER=IOAQ31,UNIT=3390,
// DCB=(RECFM=VB,LRECL=68,BLKSIZE=6800)
//SYSIN DD *
OPTION COPY
OUTFIL FNAMES=VBOUT,FTOV,VLTRIM=X'40'
/*
//COPY2 EXEC PGM=SORT
//SYSOUT DD SYSOUT=*
//SORTIN DD DSN=IOAQ.Q71MN.SAMPLE(CERTGATF),DISP=SHR
//VBOUT DD DSN=IOAQ.Q71MN.CERTGATF.DEMO,
// DISP=(NEW,CATLG,DELETE),
// SPACE=(TRK,(1,1),RLSE),
// VOL=SER=IOAQ31,UNIT=3390,
// DCB=(RECFM=VB,LRECL=68,BLKSIZE=6800)
//SYSIN DD *
OPTION COPY
OUTFIL FNAMES=VBOUT,FTOV,VLTRIM=X'40'
/*
RACDCERT CERTAUTH ADD('IOAQ.Q71MN.CERTCAF.DEMO') TRUST WITHLABEL('CACERTF')
RACDCERT ID(STCUSER) ADD('IOAQ.Q71MN.CERTGATF.DEMO') TRUST WITHLABEL('IOAGATEF') PASSWORD('abcd1234')
RACDCERT ID(STCUSER) ADDRING(IOAGATERING)
RACDCERT ID(STCUSER) CONNECT(CERTAUTH LABEL('CACERTF') RING(IOAGATERING) USAGE(CERTAUTH))
RACDCERT ID(STCUSER) CONNECT(ID(STCUSER) LABEL('IOAGATEF') RING(IOAGATERING))
Parent Topic |