How do we specify KEYRING name in a batch FTP job?
Article ID: 94292
Updated On:
Products
ACF2
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
Issue/Introduction
How do we specify KEYRING name in a batch FTP job? Does the keyring name need to be associated with a user or a group of users?
Environment
Release:
Component: ACF2MS
Component: ACF2MS
Resolution
Use the KEYRING statement to define the key ring that contains the certificate to be used during the TLS handshake.
Server
Specifies the key ring database on the server's system.
Client
Specifies the key ring database on the client's system.
Syntax
>>-+---------------------------------+-------------------------><
'-KEYRING--+-keyringname--------+-'
'-userid/keyringname-'
Parameters
userid/keyringname
Allows multiple FTP users to share one key ring owned by another user. The keyringname value is the SAF key ring created by using the RACF® ADDRING function.
Restrictions:
- The userid value must be the user that actually owns the key ring.
- All users must have READ and UPDATE access to the IRR.DIGTCERT.LISTRING
resource in the FACILITY class when using an SAF key ring owned by another
user.
For example:
KEYRING / FTPS.RING LAST CHANGED BY ABCDEFG ON 05/02/18-12:24
DEFAULT() RINGNAME(FTPkeyring)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.CERTINT1 certauth.certint1 CERTAUTH
CERTAUTH.CERTINT2 certauth.certint2 CERTAUTH
CERTAUTH.CERTROOT certauth.certroot CERTAUTH
The "Keyring" statement for the above Keyring would be:
KEYRING FTPS/FTPkeyring
Server
Specifies the key ring database on the server's system.
Client
Specifies the key ring database on the client's system.
Syntax
>>-+---------------------------------+-------------------------><
'-KEYRING--+-keyringname--------+-'
'-userid/keyringname-'
Parameters
userid/keyringname
Allows multiple FTP users to share one key ring owned by another user. The keyringname value is the SAF key ring created by using the RACF® ADDRING function.
Restrictions:
- The userid value must be the user that actually owns the key ring.
- All users must have READ and UPDATE access to the IRR.DIGTCERT.LISTRING
resource in the FACILITY class when using an SAF key ring owned by another
user.
For example:
KEYRING / FTPS.RING LAST CHANGED BY ABCDEFG ON 05/02/18-12:24
DEFAULT() RINGNAME(FTPkeyring)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.CERTINT1 certauth.certint1 CERTAUTH
CERTAUTH.CERTINT2 certauth.certint2 CERTAUTH
CERTAUTH.CERTROOT certauth.certroot CERTAUTH
The "Keyring" statement for the above Keyring would be:
KEYRING FTPS/FTPkeyring
Feedback
Yes
No
Powered by
