Previous Topic Next topic Print topic


Example AT-TLS Entries for PAGENT Address Space

The following is a sample definition that can be modified for use in the PAGENT address space to allow AT-TLS access to MFA and z/Server. This example must be modified to suit your requirements.

Micro Focus recommend using Trace 3 in the TTLSGroupAction. This allows error messages to be logged to the z/OS syslog, otherwise messages are logged by the syslog daemon (syslogd) and are typically stored in /var/log. You can check the exact output location of the syslogd by checking the syslog.conf file.

Click here to download an IBM Redbook that provides further information on configuring your PAGENT address space. The Redbook also contains information on other configuration aspects that support AT-TLS connectivity between your client application and mainframe.

TTLSRule                          ToMFASSL~1
{
  LocalAddrRef                    addr1
  RemoteAddr                      ALL
  LocalPortRangeRef               portR1
  RemotePortRangeRef              portR2
  Direction                       Inbound
  Priority                        255
  TTLSGroupActionRef              gAct1~MFASSL
  TTLSEnvironmentActionRef        eAct1~MFASSL
  TTLSConnectionActionRef         cAct1~MFASSL
}
TTLSRule                          ToZSERVER~1
{
  LocalAddrRef                    addr1
  RemoteAddr                      ALL
  LocalPortRangeRef               portR4
  RemotePortRangeRef              portR2
  Direction                       Inbound
  Priority                        255
  TTLSGroupActionRef              gAct1~ZSERVER
  TTLSEnvironmentActionRef        eAct1~ZSERVER
  TTLSConnectionActionRef         cAct1~ZSERVER
}
TTLSGroupAction                   gAct1~MFASSL
{
  TTLSEnabled                     On
  Trace                           3
}
TTLSGroupAction                   gAct1~ZSERVER
{
  TTLSEnabled                     On
  Trace                           3
}
TTLSEnvironmentAction             eAct1~MFASSL
{
  HandshakeRole                   ServerWithClientAuth
  EnvironmentUserInstance         0
  TTLSKeyringParmsRef             keyR~ADCD113
  TTLSEnvironmentAdvancedParmsRef eAdv1~MFASSL
}
TTLSEnvironmentAction             eAct1~ZSERVER
{
  HandshakeRole                   ServerWithClientAuth
  EnvironmentUserInstance         0
  TTLSKeyringParmsRef             keyR~ADCD113
  TTLSEnvironmentAdvancedParmsRef eAdv1~ZSERVER
}
TTLSEnvironmentAdvancedParms      eAdv1~MFASSL
{
  ClientAuthType                  SAFCheck
}
TTLSEnvironmentAdvancedParms      eAdv1~ZSERVER
{
  ClientAuthType                  SAFCheck
}
TTLSConnectionAction              cAct1~MFASSL
{
  HandshakeRole                   ServerWithClientAuth
  TTLSConnectionAdvancedParmsRef  cAdv1~MFASSL
  CtraceClearText                 Off
  Trace                           3
}
TTLSConnectionAction              cAct1~ZSERVER
{
  HandshakeRole                   ServerWithClientAuth
  TTLSConnectionAdvancedParmsRef  cAdv1~ZSERVER
  CtraceClearText                 Off
  Trace                           3
}
TTLSConnectionAdvancedParms       cAdv1~MFASSL
{
  SecondaryMap                    Off
}
TTLSConnectionAdvancedParms       cAdv1~ZSERVER
{
  SecondaryMap                    Off
}
TTLSKeyringParms                  keyR~ADCD113
{
  Keyring                         MFARING
}
TTLSCipherParms                   cipher1~MFASSL
{
  V3CipherSuites                  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  V3CipherSuites                  TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
  V3CipherSuites                  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  V3CipherSuites                  TLS_DH_RSA_WITH_AES_256_CBC_SHA
  V3CipherSuites                  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
  V3CipherSuites                  TLS_DH_DSS_WITH_AES_256_CBC_SHA
  V3CipherSuites                  TLS_RSA_WITH_AES_256_CBC_SHA
  V3CipherSuites                  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  V3CipherSuites                  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  V3CipherSuites                  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  V3CipherSuites                  TLS_DH_RSA_WITH_AES_128_CBC_SHA
  V3CipherSuites                  TLS_DH_DSS_WITH_AES_128_CBC_SHA
  V3CipherSuites                  TLS_RSA_WITH_AES_128_CBC_SHA
  V3CipherSuites                  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  V3CipherSuites                  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
}
IpAddr                            addr1
{
  Addr                            10.24.11.231
}
PortRange                         portR1
{
  Port                            20201
}
PortRange                         portR2
{
  Port                            1024-65535
}
PortRange                         portR4
{
  Port                            1515
}
Previous Topic Next topic Print topic