Before you begin SSL configuration for PowerExchange, your organization should have a local CA certificate from a well-known CA vendor. A self-signed CA certificate can be generated instead for internal use, such as connections within your organization's network or internal testing.
The steps described in this task should be performed by security administrators. Security administrators have specific permissions and system access that allow them to generate and manage security certificates and policy files.
All certificates created for use with PowerExchange must be generated to the X.509 standard. For example, the PKCS7 format meets the X.509 standard, so it can be used to generate the certificates.
To implement SSL support in PowerExchange, complete the following tasks:
Configure each z/OS server.
Update the AT-TLS policy file.
Create a personal certificate.
Configure the PowerExchange Listener in the DBMOVER file.
Configure each Linux, UNIX, or Windows server.
Create a CA certificate.
Create a personal certificate.
Customize the DBMOVER configuration file on the server.
If your organization requires client validation, configure each Linux, Unix, or Windows client:
Create a CA certificate for the client.
Create a personal certificate for the client.
Customize the DBMOVER configuration file to use client validation.
Make the certificates available to servers and clients that require authentication.
Verify the secure connections between PowerExchange clients and servers.