The manuals are confusing as they seem to be focused on WebSphere and assume that is what you want to do. So far, I have achieved a secure transfer, or at least so say the messages. I created the CA cert on one system, then exported/imported it to another. Both systems are z/OS 1.4 but do not share RACF. Changing the FTPSDATA requires a recycle of FTP (P FTPD1, S FTPD).
I am still baffled by the certificate process. I posed a plea for help on the RACF list, and received two replies that I have not yet studied. One suggested:
http://www-306.ibm.com/software/network/commserver/zos/library/

Another from Wai Choi - RACF Development. I will post that separately.

NOTE: THE FOLLOWING IS FROM MY TESTING NOTES. TEST RESULTS ARE ENCOURAGING, BUT I HAVE NO IDEA IF/HOW THIS WOULD APPLY TO ANYONE ELSE. I STILL DON'T KNOW IF THIS IS THE CORRECT PROCESS. YMMV. IF YOU OR ANY OF YOUR STAFF ARE CAUGHT OR KILLED, THE SECRETARY WILL DISAVOW... oops, sorry, wrong disclaimer.

ICSF is not required, but highly recommended. The invocation (last steps below) still needs polishing. The DEBUG statements may not be appropriate for prime time.

My notes:

1. Build CA CERT
     RACDCERT CERTAUTH GENCERT -
       SUBJECTSDN( -
       .............

2. Build personal certs
   a. FTPD
        RACDCERT ID(FTPD) GENCERT -
          SUBJECTSDN( -
          ....
          SIGNWITH(CERTAUTH -
          LABEL('from above'))
   b. User
        RACDCERT ID(myid) GENCERT -
          SUBJECTSDN( -
          ......
          SIGNWITH(CERTAUTH -
          LABEL('from above'))

3. Activate and RACLIST classes DIGTCERT DIGTRING

4. Add FACILITY IRR.DIGTCERT.LISTRING and permit.

5. Build key rings.
   a. FTPD
   b. User

6. Connect both CA and personal certs to keyrings.

7. Add to server SYS1.TCPPARMS(FTPSDATA):
     DEBUG SEC                 ; Helpful
     ACCESSERRORMSGS           ; Send detailed login failure replies
     KEYRING thekeyringname    ; Cert keyring for the server FTPDx
     EXTENSIONS AUTH_TLS       ; Activate SSL support

8. Add to client
     //SYSFTPD DD DISP=SHR,DSN=my.parmlib(FTPSSL1)
   which contains:
     DEBUG SOC(2)
     CLIENTERRCODES TRUE
     KEYRING mykeyring
     SECURE_DATACONN PRIVATE
     SECURE_MECHANISM TLS

9. Invoke FTP:
     //S001 EXEC PGM=FTP,PARM='-v -d -e -r TLS'
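
The following check is an added example, not part of the original post and not IBM tooling: it parses FTP.DATA text and reports when the TLS statements from steps 7 and 8 are missing or weakened, or when a DEBUG statement is still present. It assumes `;` starts a comment; the function names, the sample inputs and the `CLEAR` value in the second sample are constructed for illustration.

```python
# Added example: lint FTP.DATA text against the statements in steps 7 and 8.
# Assumption: ';' starts a comment and each statement is "KEYWORD value".

# Expected statements, taken only from the notes above (None = any value).
SERVER_EXPECTED = {"KEYRING": None, "EXTENSIONS": "AUTH_TLS"}
CLIENT_EXPECTED = {"KEYRING": None, "SECURE_MECHANISM": "TLS", "SECURE_DATACONN": "PRIVATE"}

# Constructed sample: the server statements from step 7.
SERVER_SAMPLE = """\
DEBUG SEC               ; Helpful
ACCESSERRORMSGS         ; Send detailed login failure replies
KEYRING thekeyringname  ; Cert keyring for the server FTPDx
EXTENSIONS AUTH_TLS     ; Activate SSL support
"""

# Constructed sample: a client file with no keyring and a clear data channel.
CLIENT_WEAK = """\
DEBUG SOC(2)
CLIENTERRCODES TRUE
SECURE_DATACONN CLEAR   ; constructed weak value
SECURE_MECHANISM TLS
"""

def parse_ftpdata(text):
    """Return (KEYWORD, value) pairs, dropping comments and blank lines."""
    statements = []
    for raw in text.splitlines():
        parts = raw.split(";", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            statements.append((parts[0].upper(), value))
    return statements

def lint(text, expected):
    """List missing or weakened TLS statements and any leftover DEBUG."""
    statements = parse_ftpdata(text)
    findings = []
    for keyword, want in expected.items():
        values = [v for k, v in statements if k == keyword]
        if not values:
            findings.append(f"missing {keyword}")
        elif want and want not in (v.upper() for v in values):
            findings.append(f"{keyword} is {values[-1]!r}, expected {want}")
    findings += [f"DEBUG {v} still enabled" for k, v in statements if k == "DEBUG"]
    return findings

if __name__ == "__main__":
    print(lint(SERVER_SAMPLE, SERVER_EXPECTED))
    print(lint(CLIENT_WEAK, CLIENT_EXPECTED))
```
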