It probably wasn't answered because the manuals pretty much tell you how to do it. There are also examples in RedBooks. I set ours up several years ago, so I don't remember all the pain involved.
What may be important is your certificate authority. If you connections are internal, then you might get by with a self signed certificate. If you have external clients, you may need a commercial certificate. I had the most problems getting the certificates into RACF because of some LRECL/RECFM issues of the imported file. It also matters if you have hardware encryption co-processors. If this is your first SSL/TLS implementation, that will be the hard part. Getting TN3270 to use a secure port is pretty easy. Our heavy lifting is still done outboard on an obsolete Cisco CIP with Cisco SSL switches. When we were out of CPU, it made little sense to upgrade CPU just to encrypt tn3270 traffic when there were network boxes sitting there to do the same function for web applications. That setup is NOT in the books :-) Len Rugen "In theory, there is no difference between theory and practice. But in practice, there is." - Yogi Berra ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
