BlueZone Security ServerEnabling SSL on z/OSExpress Logon (ELF)

Express Logon (ELF)

  1. Create an HFS KEYRING file. Refer to Creating HFS KEYRING files for more information.
  2. Create a self-signed certificate if a trusted CA is not available. Refer to Creating self-signed certificates for more information.
  3. Create a server certificate. Refer to Creating server certificates for more information.
  4. Create a client certificate. Refer to Creating client certificates for more information.
  5. Add EXPRESSLOGON to the TelnetParms block.
  6. Issue the following command:
    SETR CLASSACT(PTKTDATA)
  7. Issue the following command:

    RDEF PTKTDATA TSOSYS1 SSIGNON(KEYMASKED(E001193519561977)) UACC(NONE) APPLDATA(‘NO REPLAY PROTECTION’)

    Where:

    • KEYMASKED is any combination of 16 hexadecimal characters.
    • TSOSYS1 is TSO concatenated with the value of SID in SMFPRMxx if VTAM generic resource naming is not being used. If VTAM generic resource naming is being used, see z/OS V1R4.0 Security Server RACF Security Administrator’s Guide, 7.13.3.1 Determining Profile Names.
    • A passticket expires in 10 minutes, to make it expire after signing on add: APPLDATA(‘NO REPLAY PROTECTION’).
Parent topic: Enabling SSL on z/OS