Additional options are required on the agent task’s "TCP" SYSIN parameter card to enable TLS. In addition to existing parameters available on the TCP card (see the section TCP Parameter Card), the following parameters must be set to enable TLS communication with the server:
Parameter |
Description |
---|---|
TLS |
Optional. Set the TLS parameter to "Y" to have the TCP communication with the server use TLS encryption. The default is "N" (No). You may also set this option to "V" to force the mainframe to check an incoming TLS client certificate's Common Name, validating that it matches the DNS name for the proxy server that issued the connection request. (This requires that the Proxy server's DNS information is available to the mainframe.) |
KEYF |
Required if TLS=Y or TLS=V. The certificate key database file (defined in Step 1 above). The owning user ID of the Ironstream task must have read access to this file. |
STAF |
Required if TLS=Y or TLS=V. The password stash file (defined in Step 2 above). This must be specified when using a certificate key database file. The owning user ID of the Ironstream task must have read access to this file. |
This is an example TCP parameter card with TLS enabled:
TCP 6106 6107 TLS=Y KEYF=/u/user1/example STAF=/u/user1/example.sth