I think Tony is correct. If the external server's signing CA is defined using the appropriate Policy Rules for the z/OS Policy Agent and covering the local COBOL client, a secure connection, transparent to the COBOL client, should work.

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of Denis
> Sent: Thursday, June 15, 2017 11:44 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: changing batch job to use SSL
>
> Tony,
>
> yes I missed the part of a z/os client, sorry for that.
> But it only makes sense, if both z/os are on different boxes or use external
> tcpip paths, otherwise since between tcpip and the calling application of the
> socket api it's unencrypted anyway, it would be a waste of cpu cycles.
>
> Denis.
>
>
> -----Original Message-----
> From: Tony Harminc <t...@harminc.net>
> To: IBM-MAIN <IBM-MAIN@LISTSERV.UA.EDU>
> Sent: Thu, Jun 15, 2017 07:12 PM
> Subject: Re: changing batch job to use SSL
>
>
> On 15 June 2017 at 12:24, Denis <000001664d8ede6c-dmarc-requ...@listserv.ua.edu> wrote:
>
> > This is new for me, can you point me to docs how to set up at-tls on
> > windows for a tcpip c client program connecting to z/os?
>
>
> Denis, I don't think Windows is in this picture anywhere; certainly it was not
> mentioned until now. The OP spoke of a COBOL client program on z/OS
> talking to a platform-unspecified external server (presumably not under his
> control). AT-TLS on z/OS can provide the required client side protocol
> support for TLS. The OP said that the server program already supports TLS, so
> it's mostly a matter of getting the certificate stuff and the AT-TLS config
> right.
>
> Tony H.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN