After configuring the server and client systems, use these
steps to start and verify AT-TLS.
Before you begin
- Perform the tasks in Table 1 and Table 1.
- Review your syslogd configuration to verify that messages written
by Policy Agent and the TCP/IP stacks are saved in the intended files. AT-TLS
syslogd messages are written to the daemon facility by default.
- Start syslogd.
You are now ready to start the sample AT-TLS environment and
verify its operation.
Procedure
Perform the following steps to start AT-TLS and verify
its operation:
- Start the TCP/IP stacks.
- Start the administrative applications required to successfully
run Policy Agent, such as OMPROUTE and LDAP.
- If System SSL needs to access Integrated Cryptographic Services
Facility (ICSF), start ICSF. For information about using cryptographic features with System SSL,
see z/OS Cryptographic Services System SSL Programming.
- Start Policy Agent on all participating systems and verify
that there were no policy errors in processing the policy files.
- Verify that the participating TCP/IP stacks have received
AT-TLS policy and released console message EZZ4248E.
- Start the server application and verify that it starts without
errors.
- Start the client applications. Review the AT-TLS trace messages
in the syslogd output on both the client and server systems. Verify
that connections are mapping to the intended policy and that no handshake
errors occur. The info messages EZD1281I TTLS Map and EZD1283I
TTLS Initial Handshake show the policy used and the result of
the TLS handshake negotiation. The error message EZD1286I TTLS
Error shows any failures.
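
The check in the last step can be scripted against the syslogd output file. The following is an added example, not part of the original procedure: it assumes each trace line carries `CONNID:`, `RULE:` and `RC:` as label-value pairs, and the function names, rule names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout: trace lines carry "CONNID: <id>"; Map and
# Error lines carry "RULE: <name>" and "RC: <code>" as label-value pairs.

sample_log() {  # constructed lines, not captured from a real system
cat <<'EOF'
Jan 10 09:00:01 SYSA TTLS[101]: EZD1281I TTLS Map CONNID: 0000002A JOBNAME: CLIENT1 STATUS: Enabled RULE: sample_client
Jan 10 09:00:01 SYSA TTLS[101]: EZD1283I TTLS Event CONNID: 0000002A RC: 0 Initial Handshake
Jan 10 09:00:05 SYSA TTLS[101]: EZD1281I TTLS Map CONNID: 0000002B JOBNAME: CLIENT2 STATUS: Enabled RULE: sample_client
Jan 10 09:00:05 SYSA TTLS[101]: EZD1286I TTLS Error CONNID: 0000002B RULE: sample_client RC: 402 Initial Handshake
Jan 10 09:00:09 SYSA TTLS[101]: EZD1281I TTLS Map CONNID: 0000002C JOBNAME: CLIENT3 STATUS: Enabled RULE: other_rule
EOF
}

# check_attls FILE EXPECTED_RULE
# Prints one finding per line. Returns 0 only if every mapped connection used
# EXPECTED_RULE, logged an initial handshake, and produced no EZD1286I.
check_attls() {
  awk -v want="$2" '
    function field(label,   i) {   # token that follows "LABEL:" on this line
      for (i = 1; i < NF; i++) if ($i == label) return $(i + 1)
      return ""
    }
    /EZD1281I/ { id = field("CONNID:"); rule[id] = field("RULE:") }
    /EZD1283I/ && /Initial Handshake/ { done[field("CONNID:")] = 1 }
    /EZD1286I/ { id = field("CONNID:"); err[id] = field("RC:") }
    END {
      bad = 0
      for (id in rule) {
        if (rule[id] != want) { print "WRONG_RULE " id " " rule[id]; bad = 1 }
        if (id in err) { print "ERROR " id " RC=" err[id]; bad = 1 } else if (!(id in done)) { print "NO_HANDSHAKE " id; bad = 1 }
      }
      # Errors on connections whose Map line is not in this file
      for (id in err) if (!(id in rule)) { print "ERROR " id " RC=" err[id]; bad = 1 }
      exit bad
    }' "$1"
}

# Usage: check_attls /path/to/daemon.log sample_client
```

Run it on both the client and server systems; an empty result with return code 0 means every mapped connection matched the expected rule and completed its handshake.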