Migrate to AT-TLS to allow the DCAS to use the latest support for SSL/TLS. Configuring TLS/SSL by using the DCAS configuration file is supported, but such support is deprecated and will no longer be enhanced.
To use this DCAS enhancement, perform the appropriate tasks in Table 1.
Task/Procedure | Reference |
---|---|
Enable Transparent Transport Layer Security (TTLS) in the TCP/IP stack by specifying the TTLS parameter on the TCPCONFIG statement in the TCPIP profile. | |
Set up authorization for the pasearch command if the command is not issued from a superuser. To set authorization for the pasearch command, create a SERVAUTH profile of EZB.PAGENT.sysname.TcpImage.ptype. The ptype value can be set to TTLS or a wildcard value. | |
Enable AT-TLS configuration for the Policy Agent by specifying CommonTTLSConfig, TLSConfig, or both statements in the Policy configuration file for each stack. | |
Define the AT-TLS policies by specifying the policies in the configuration files that are identified with the CommonTTLSConfig and TTLSConfig statements. | Specify the AT-TLS policies in the configuration
files that are identified with the CommonTTLSConfig and TTLSConfig statements. Use
one of the following methods to create the AT-TLS Policy Agent configuration
files:
|
Display policy-based networking information by using the z/OS UNIX System Services (USS) pasearch command to query information from the z/OS UNIX Policy Agent. The command is issued from the USS shell. | Displaying policy-based networking information in z/OS Communications Server: IP System Administrator's Commands |
Enable AT-TLS in the DCAS configuration file by setting TLSMECHANISM to ATTLS. | Customizing DCAS for TLS/SSL in z/OS Communications Server: IP Configuration Guide |