WebSphere Message Broker, Version 8.0.0.7
Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS
See information about the latest product version
See information about the latest product version
Enabling SSL on z/OS WebSphere Message Broker by using AT-TLS
You can use Application Transparent Transport Layer Security (AT-TLS) to provide Secure Sockets Layer (SSL) services on behalf of WebSphere® Message Broker on z/OS®. AT-TLS is part of z/OS Communication Server.
You can enable SSL by following
the instructions in Implementing SSL authentication on z/OS. This topic
describes an alternative method that uses AT-TLS to enable SSL without
the need to complete configuration steps in WebSphere Message
Broker. AT-TLS provides the following
benefits when using SSL/TLS protocols with WebSphere Message
Broker on z/OS:
- AT-TLS uses RACF® key rings and certificates.
- The Policy Agent (PAGENT) manages the rules and policies that define how SSL is used to connect to WebSphere Message Broker.
- PAGENT can distribute the rules and policies in a z/OS SYSPLEX environment.
- The WebSphere Message Broker administrator does not have to set any WebSphere Message Broker properties for SSL.
- HTTP or SOAP nodes in message flows can have standard HTTP settings (no SSL/HTTPS).
To configure AT-TLS in your z/OS environment for WebSphere Message Broker , complete the following steps:
- Create a RACF key ring by following the instructions in Creating a RACF key ring.
- Configure and activate PAGENT by following the instructions in Configuring and activating the policy agent (PAGENT).
- Define and install AT-TLS policies for WebSphere Message Broker by following the instructions in Defining and installing AT-TLS policies.
- Test and verify AT-TLS by using WebSphere Message Broker, as described in Testing and verifying AT-TLS.