On each z/OS system where a server or client application is to implement AT-TLS security, you need to perform these basic tasks:
Create a key ring
Create Policy Agent files
Add AT-TLS configuration
Add statements to the TTLSConfig policy file
Set up INITSTACK access control
Enable AT-TLS.
The following subsections present an example of configuration tasks performed to ensure SSL secure communication for the following network participants, all of which use self-signed digital certificates:
A z/OS CICS server named “CICSDEV1”
A z/OS CICS client
A Windows ASE server named “ase1”
A Windows Open Client client
