ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CCITCPGW secured

book

Article ID: 237373

calendar_today

Updated On:

Products

COMMON SERVICES FOR Z/OS

Issue/Introduction

How to secure the CCITCPGW connections to the lpars and if 2 ports can be defined for CCITCPGW STC. 

There is a new started task that needs to be implemented with a secure port and certificate.

Which sample is supplied to support this effort for the started task?

Environment

COMMON SERVICES 15.0 - z/OS supported releases - 

Resolution

The new started task with a secure port and certificate is CCISSLGW. 

The sample can be found in the library: CCS150.CAW0PROC(CCISSLGW)



It's not possible to run a single CCI task with 2 separate ports defined.

This is not a supported capability/configuration for CCI. Only one listener port is allowed.

Therefore the advice is to configure the CCISSLGW task to startup with the required certificates.

This second procedure is started via the PROTOCOL(TCPSSLGW) statement.

With this setup, the CCITCPGW task will be using one port and be the non-secured connection and the CCISSLGW task will use a different port and be the secured connection.




The alternative is to configure the CCISSLGW task to startup with the required certificates, but set UNSECON=NONSSL.

Once this is up and running, you can shutdown CCITCPGW and all connections can be managed with this one task.

With NONSSL defined, a remote CAICCI not supporting TLS is allowed to connect unsecured and a remote CAICCI supporting and enabled for TLS connects secure.