Understand, manage and love certificates in z/OS and USS

Ulf Heinrich, SEGUS

Download PDF

Abstract: You can communicate with z/OS, USS, Db2, or any other server or service via “postcards”, or “sealed envelopes”. Even within a trusted network, unencrypted postcard communication isn’t state of the art and may compromise information you don’t intend to share. Web based solutions, like ZOWE, UMS, ADF,… require secure connections, but the set up can be frustrating. Setting up and using encrypted channels isn’t rocket science, but they’re all based on certificates that some people find difficult to manage.

This session sheds the light of secure communication and their implementation in z/OS and USS services. I’ll explain how secure communication is set up, established and managed, as well as understanding difficulties that may arise.

Learn everything you need to know about TLS, SSL and the mechanisms of HTTPs, FTPs, sFTP, s/MIME, … communication. Understand different types of certificates and their repositories, like KEYSTOREs, TRUSTSTOREs and KEYRINGs. And, last but not least – who do you trust, who is trustworthy and why.