z/os FTP client does not support self signed certs. The z/os FTP server doesn't seem to care if you are not using client authentication.
The server parms are different from the client parms. Her are some working client parms (via FTPDATA dd statement): CLIENTERRCODES TRUE SECUREIMPLICITZOS FALSE TLSPORT 990 KEYRING THE_SUBMITTING_USER_PRIVATE_KEYRING SECURE_FTP REQUIRED SECURE_MECHANISM TLS FWFRIENDLY TRUE I found the server parms TCPPARMS(FTPSDATA). Look for 'Security Options'. Some key ones: EXTENSIONS AUTH_TLS SECURE_FTP ALLOWED KEYRING FTPSERVERKEYRING TLSRFCLEVEL DRAFT (May be required depending the client). Note: The minimal TLS session is the client speaks first. The server offers the certificate and the client accepts or refuses. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Ron Wells Sent: Wednesday, April 29, 2009 6:30 AM To: [email protected] Subject: FTP-TLS/SSL Does TLS / SSL need a self signed cert. or is that optional.. if so or others wise what are the minimum parms in ftpdata that need to be set ?? examples would be helpful ... Thanks NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
