BlueZone Security ServerEnabling SSL on z/OSSSL for FTP using server certificate

SSL for FTP using server certificate

  1. Create an HFS KEYRING file. Refer to Creating HFS KEYRING files for more information.
  2. Create a self-signed certificate if a trusted CA is not available. Refer to Creating self-signed certificates for more information.
  3. Create a server certificate. Refer to Creating server certificates for more information.
  4. Modify the FTP configuration dataset, for example, TCPIP.FTP.DATA, and add the following:
    1. EXTENSIONS AUTH_TLS
    2. SECURE_LOGIN NO_CLIENT_AUTH
    3. TLSTIMEOUT 500
    4. KEYRING /ssl/key.kdb
    5. SECURE_CTRLCONN PRIVATE
    6. SECURE_DATACONN PRIVATE
    7. SECURE_FTP REQUIRED
    8. TLSPORT 0
Note: TLSPORT 0 was an undocumented parameter.
Parent topic: Enabling SSL on z/OS