How to set up TN3270 with an In House Certificate Authority.
Article ID: 10259

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

How to set up TN3270 with an in-house Certificate Authority.



Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

/* Create the TN3270 ACID */
TSS CREATE(TN3270) TYPE(USER) NAME('USS/TN3270 STC ID') FAC(STC) -
    PASS(password) DEPT(dept) MASTFAC(TCPIP) -
    NODSNCHK NORESCHK NOLCFCHK NOSUBCHK
TSS ADD(STC) PROCNAME(TN3270) ACID(TN3270)
TSS ADD(TN3270) UID(0)
TSS ADD(TN3270) GROUP(OMVSGRP) DFLTGRP(OMVSGRP)
TSS MODIFY(OMVSTABS)

/* Create Certificate Authority Certificate */
TSS GENCERT(CERTAUTH) DIGICERT(TSSCA) SUBJECTN('CN="TSS CA" -
O="company" C="US"') -
    LABLCERT('TSSCA') KEYUSAGE(CERTSIGN) NADATE(12/31/49)

/* Generate Certificate for TN3270 STC */
TSS GENCERT(TN3270) DIGICERT(TCPCERT) SUBJECTN('CN="TN3270 cert" -
 O="company" C="US"') LABLCERT('TCPCERT') SIGNWITH(CERTAUTH,TSSCA) -
    NADATE(12/31/49)

/* Create the TN3270 Keyring */
TSS ADD(TN3270) KEYRING(TCPRING) LABLRING('TCPRING')

/* Add the Personal Certificate to the Keyring */
TSS ADD(TN3270) KEYRING(TCPRING) RINGDATA(TN3270,TCPCERT) -
    USAGE(PERSONAL) DEFAULT

/* Add the CA Certificate to the Keyring */
TSS ADD(TN3270) KEYRING(TCPRING) -
    RINGDATA(CERTAUTH,TSSCA) USAGE(CERTAUTH)

/* Issue the various Permits for TN3270 */
TSS ADD(SYSTSD) IBMFAC(IRR.)
TSS PER(TN3270) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(UPDATE)
TSS PER(TN3270) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE)
TSS PER(TN3270) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE)

Finally, make sure the TELNET Parms are updated to reference the keyring (TCPRING).
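
The TELNET Parms update mentioned above could look like the following fragment of the TN3270E Telnet server profile. This is an added example, not part of the original article; it assumes the server uses its native SECUREPORT TLS support, and port 992 is an assumed value.

```text
; Added example: only the statements related to the keyring are shown.
TELNETPARMS
  SECUREPORT 992        ; assumed TLS port, use your site's value
  KEYRING SAF TCPRING   ; ring label from LABLRING('TCPRING'), owned by the TN3270 ACID
ENDTELNETPARMS
```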