Implementing TLS Security in a PowerExchange Network

Back Next

PWXUGSK Utility

Use the PWXUGSK utility to generate reports about TLS libraries and certificates that were generated on z/OS for the PowerExchange Listener. You can also determine the validity of certificates that are available to a specified user.

The PWXUGSK utility runs on z/OS and supports the following commands and reports:

PING command. Use the PING command to verify the following:

A specified user ID has the authority to view security certificates for the PowerExchange Listener on z/OS.

The certificates available to the PowerExchange Listener are current and valid.

The AT-TLS rules defined for the server can intercept inbound requests, remove the TLS information and send TCP/IP packets to the PowerExchange Listener.

To perform this verification, submit JCL that includes the following command:

PWKUGSK CMD=PING PING_LOCATION=node_name 
[PING_UID=user_name {PING_PWD=password|PING_EPWD=encrypted_password}]

Certificates report. Reports information about the certificates stored in a RACF keyring or SAF database. To run a certificates report, submit JCL that includes the following command:

PWXUGSK CMD=REPORT_CERTIFICATES [LOC_TYPE={KEYRING|DATABASE}] [LOC_NAME=name] 
[DB_PWD=password] [DB_EPWD=encrypted_password] [VERBOSE={N|Y}]

Ciphers report. Reports the cipher suites that are available on the z/OS system. To run a ciphers report, submit JCL that includes the following command:

PWXUGSK CMD=REPORT_CIPHERS

Error codes report. Reports all possible system TLS errors, both from the secure connection and from the processing of data packets. After a TLS failure, particular instances of these errors can be found in the TCP/IP JES message log. To run an error-codes report, submit JCL that includes the following command: