z/OS Common Information Model User's Guide


Configuring the CIM server HTTPS connection using AT-TLS

SC34-2671-00

The CIM server runtime environment can use the Application Transparent Transport Layer Security (AT-TLS) functionality. Communication between the CIM client and the CIM server can be secured by encryption (SSL). Additionally, the CIM client can be authenticated by a certificate and mapped to a local z/OS user ID.

The following task describes how to configure the CIM server HTTPS connection using AT-TLS.

__ 1. Prerequisites
__ 2. Configuring the CIM server runtime
  • _ Set the configuration property enableHttpsConnection to true.
  • _ Ensure that the configuration property httpsPort is set to 5989.

    This default should not be changed.

    Note:
    Enabling HTTPS for the CIM server alone is not sufficient to configure SSL encryption for the communication. You must also configure AT-TLS for the CIM server's HTTPS port.
  • _ Ensure that the HTTPS port 5989 can be used by the CIM server.

    For more information, see Configuring the ports for the CIM server.

Based on this configuration, the CIM server opens a second listener for receiving client connections and ensures that these connections are secured by AT-TLS. The level of protection depends on the configuration of AT-TLS. If a connection on this port is not secured by AT-TLS, the connection is closed and an appropriate error message is issued on the operator console.

__ 3. Configuring the Policy Agent to secure communication for the CIM server
  • _ Enable the Policy Agent for AT-TLS.

    For details, see the topic on Application Transparent Transport Layer Security data protection in z/OS Communications Server: IP Configuration Guide.

  • _ Configure the Policy Agent to secure the communication for the CIM server at the configured HTTPS port (configuration property httpsPort). For sample Policy Agent policies that configure either SSL protection or SSL protection including certificate-based authentication, see Example: Configuring AT-TLS for secure communication.
  • _ Optionally, you can protect the (outgoing) indication delivery on a specific port range with SSL.
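
Because enabling HTTPS in the CIM server does not by itself encrypt anything, it is worth checking that the Policy Agent policy really covers the httpsPort. The following Python check is an added example, not part of the IBM guide: the policy text and its names (CIMServerHttps, grpCim, envCim) are constructed, and the parser assumes braces on their own lines and values spelled as in the sample.

```python
import re

SAMPLE_POLICY = """# Constructed sample, not IBM's shipped sample; names are made up.
TTLSRule CIMServerHttps
{
  LocalPortRange 5989
  Direction Inbound
  TTLSGroupActionRef grpCim
  TTLSEnvironmentActionRef envCim
}
TTLSGroupAction grpCim
{
  TTLSEnabled On
}
TTLSEnvironmentAction envCim
{
  HandshakeRole Server   # key ring parameters omitted in this sample
}
"""

def parse_policy(text):
    """Parse policy text (braces on their own lines) into nested dicts."""
    root = cur = {}
    stack, last = [], None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop '#' comments
        if words == ["{"]:
            stack.append(cur)
            cur[last] = child = {}  # the statement just read becomes a block
            cur = child
        elif words == ["}"]:
            cur = stack.pop()
        elif words:
            last = " ".join(words[:2]) if cur is root else words[0]
            cur[last] = {} if cur is root else " ".join(words[1:])
    return root

def check_port(policy, port):
    """Return a list of problems; empty means an inbound rule protects port."""
    for key, rule in policy.items():
        rng = [int(n) for n in re.findall(r"\d+", rule.get("LocalPortRange", ""))]
        if not (key.startswith("TTLSRule ") and rng and rng[0] <= port <= rng[-1]):
            continue
        grp = policy.get("TTLSGroupAction " + rule.get("TTLSGroupActionRef", ""), {})
        env = policy.get("TTLSEnvironmentAction " + rule.get("TTLSEnvironmentActionRef", ""), {})
        checks = {"Direction Inbound": rule.get("Direction") in ("Inbound", "Both"),
                  "TTLSEnabled On": grp.get("TTLSEnabled") == "On",
                  "server HandshakeRole": env.get("HandshakeRole", "").startswith("Server")}
        return [f"{key}: missing {name}" for name, ok in checks.items() if not ok]
    return [f"no TTLSRule covers local port {port}"]
```

Run `check_port(parse_policy(policy_text), 5989)` against the installed policy text; any returned entry names the rule and the setting that leaves the HTTPS listener without AT-TLS protection.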





Copyright IBM Corporation 1990, 2014