The new started task with a secure port and certificate is CCISSLGW.
The sample can be found in the library: CCS150.CAW0PROC(CCISSLGW)
It's not possible to run a single CCI task with 2 separate ports defined.
This is not a supported capability/configuration for CCI. Only one listener port is allowed.
Therefore the advice is to configure the CCISSLGW task to startup with the required certificates.
This second procedure is started via the PROTOCOL(TCPSSLGW) statement.
With this setup, the CCITCPGW task will be using one port and be the non-secured connection and the CCISSLGW task will use a different port and be the secured connection.
The alternative is to configure the CCISSLGW task to startup with the required certificates, but set UNSECON=NONSSL.
Once this is up and running, you can shutdown CCITCPGW and all connections can be managed with this one task.
With NONSSL defined, a remote CAICCI not supporting TLS is allowed to connect unsecured and a remote CAICCI supporting and enabled for TLS connects secure.