How do we specify KEYRING name in a batch FTP job?
search cancel

How do we specify KEYRING name in a batch FTP job?

book

Article ID: 94292

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction

How do we specify KEYRING name in a batch FTP job? Does the keyring name need to be associated with a user or a group of users? 

Environment

Release:
Component: ACF2MS

Resolution

Use the KEYRING statement to define the key ring that contains the certificate to be used during the TLS handshake.

Server
Specifies the key ring database on the server's system.

Client
Specifies the key ring database on the client's system.

Syntax
>>-+---------------------------------+-------------------------><
   '-KEYRING--+-keyringname--------+-'   
              '-userid/keyringname-'     

Parameters
userid/keyringname

Allows multiple FTP users to share one key ring owned by another user. The keyringname value is the SAF key ring created by using the RACF® ADDRING function.

Restrictions:

- The userid value must be the user that actually owns the key ring.
- All users must have READ and UPDATE access to the IRR.DIGTCERT.LISTRING 
  resource in the FACILITY class when using an SAF key ring owned by another 
  user.

For example:

KEYRING / FTPS.RING LAST CHANGED BY ABCDEFG ON 05/02/18-12:24
DEFAULT() RINGNAME(FTPkeyring)
The following certificates are connected to this key ring:
CERTDATA record   Label                            Usage
----------------- -------------------------------- --------
CERTAUTH.CERTINT1 certauth.certint1                CERTAUTH
CERTAUTH.CERTINT2 certauth.certint2                CERTAUTH
CERTAUTH.CERTROOT certauth.certroot                CERTAUTH


The "Keyring" statement for the above Keyring would be:

KEYRING FTPS/FTPkeyring