The following example <CLIENT> tag tells SMP/E that files should
be downloaded using the HTTPS protocol, thus enabling secure and encrypted
transfers.
<CLIENT
downloadmethod=”https”
downloadkeyring=”javatruststore”
javahome="/usr/lpp/java/J6.0"
>
<HTTPPROXY host=”local.httpproxy.com”>
</HTTPPROXY>
</CLIENT>
- downloadmethod
- Identifies the network protocol to use for downloading files from
the remote server to the local z/OS. The IBM secure delivery server
supports values of either https or ftp.
Specify a value of https to indicate files
will be downloaded using HTTPS.
- downloadkeyring
- Identifies the location of the certificate authority certificates
required for the SSL handshake with the HTTPS server. The name for
a security manager keyring, or the keyword javatruststore may
be specified.
If you choose to manage certificate authority
certificates with your z/OS security manager, you can specify a real
or virtual keyring. The simplest keyring specification is to use the
CERTAUTH virtual keyring, *AUTH*/*. Using the CERTAUTH virtual keyring
indicates all of the trusted CA certificates defined in the security
manager database are available for use during the SSL handshake. This
includes the required GeoTrust Global CA certificate described in
the topic Enabling certificate authority certificates.
If you specify
the keyword javatruststore, then all of
the certificate authority certificates in the default Java truststore
are available for use. A Java truststore is a Java keystore file
containing the collection of trusted certificate authority certificates.
The default Java truststore includes the required GeoTrust Global
CA certificate, and is located relative to the Java home directory,
which is specified on the javahome attribute,
or on the SMPJHOME DD statement.
- javahome
- Specifies the location for the Java runtime to be
used by SMP/E. SMP/E uses the capabilities of Java 6 for its HTTPS
operations. Therefore, specify the location for the IBM 31-bit SDK
for z/OS, Java Technology Edition Version 6 (5655-R31), or the IBM
64-bit SDK for z/OS, Java Technology Edition Version 6 (5655-R32),
or a logical successor, on the javahome attribute.
- <HTTPPROXY>
- Optional tags are available to describe local HTTP or SOCKS proxy
servers. A proxy server redirects HTTP requests to the remote server
on the Internet. The <HTTPPROXY> tag is used to identify a local
HTTP proxy server, and the <HTTPSOCKSPROXY> tag is used to identify
a local SOCKS proxy server.
The <HTTPPROXY> and <HTTPSOCKSPROXY>
tags are optional, and should be specified only if HTTP requests to
the Internet from your z/OS system are required to pass through a
specific HTTP or SOCKS proxy server. For example, if you must specify
a proxy server in your Internet browser configuration to allow you
access to Web sites on the internet, then you might need to specify
the <HTTPPROXY> or <HTTPSOCKSPROXY> tag in the CLIENT data set.
If
you use an HTTP or SOCKS proxy server, and it requires authentication,
the
user and
pw attributes
can be used to specify the proxy server user ID and password. Also,
if your HTTP or SOCKS proxy server listens on a port other than the
default ports 80 and 1080, the
port attribute
can be used to specify an alternate port value. For example:
<HTTPPROXY host=”local.httpproxy.com”
user=”userid” pw=”password” port=”8080”></HTTPPROXY>
See
SMP/E for z/OS Commands
for complete details of the <HTTPPROXY> and <HTTPSOCKSPROXY>
tags and attributes, and consult your network administrator for help
determining what, if anything, you must specify for an HTTP or SOCKS
proxy server.