Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. DTL__CAPXTIMESTAMP Time Stamps
  15. PowerExchange Glossary

PowerExchange SSL Configuration Steps

PowerExchange SSL Configuration Steps

Before you begin SSL configuration for PowerExchange, your organization should have a local CA certificate from a well-known CA vendor. A self-signed CA certificate can be generated instead for internal use, such as connections within your organization's network or internal testing.
The steps described in this task should be performed by security administrators. Security administrators have specific permissions and system access that allow them to generate and manage security certificates and policy files.
All certificates created for use with PowerExchange must be generated to the X.509 standard. For example, the PKCS7 format meets the X.509 standard, so it can be used to generate the certificates.
To implement SSL support in PowerExchange, complete the following tasks:
  1. Configure each z/OS server.
    1. Update the AT-TLS policy file.
    2. Create a personal certificate.
    3. Configure the PowerExchange Listener in the DBMOVER file.
  2. Configure each Linux, UNIX, or Windows server.
    1. Create a CA certificate.
    2. Create a personal certificate.
    3. Customize the DBMOVER configuration file on the server.
  3. If your organization requires client validation, configure each Linux, Unix, or Windows client:
    1. Create a CA certificate for the client.
    2. Create a personal certificate for the client.
    3. Customize the DBMOVER configuration file to use client validation.
  4. Make the certificates available to servers and clients that require authentication.
  5. Verify the secure connections between PowerExchange clients and servers.