Daemon Secure Sockets Layer
Use the administrative console panel to modify the port and Secure Sockets Layer (SSL) port settings and to specify the SSL settings (the SSL repertoire). The default repertoire is the same one used for the server, which is a SystemSSL IIOP repertoire. During daemon initialization, SSL initialization is attempted if security is enabled and a valid repertoire is found. To turn off the daemon SSL port, create a cell-level WebSphere® variable (DAEMON_security_disable_daemon_ssl) and set it to 1. The default for this variable is 0.
- Administrative security is enabled
- A daemon SSL repertoire is configured in the administrative console (the daemon SSL repertoire refers to a valid RACF® keyring that is owned by the MVS™ user ID associated with the daemon process)
- A certificate and keyring have been defined
Location service daemon

This panel specifies the configuration settings for the location service daemon for this cell. Changes made to these settings apply to the entire cell and to the location service daemon instance on each node in the cell.

| Field | Value | Description |
| --- | --- | --- |
| Job Name | BBODMNC | Specifies the z/OS jobname of the location service daemon. |
| Host Name | BOSSXXXX.PLEX1.L2.IBM.COM | Specifies the host name to be used when contacting the location service daemon. |
| Port | 5755 | Specifies the port the location service daemon listens on for unencrypted communication. |
| SSL Port | 5756 | Specifies the port the location service daemon listens on for encrypted communication. |
| SSL Setting | PLEX1Manager/DefaultIIOPSSL | Specifies a list of predefined SSL settings to choose from for connections. These are configured at the SSL repertoire panel. |
DAEMON_com_ibm_DAEMON_protocol_TLSv1_enabled //* default 1
DAEMON_com_ibm_DAEMON_protocol_TLSv1_1_enabled //* default 0
DAEMON_com_ibm_DAEMON_protocol_TLSv1_2_enabled //* default 0
DAEMON_com_ibm_DAEMON_protocol_SSLv2_enabled //* default 0
DAEMON_com_ibm_DAEMON_protocol_SSLv3_enabled //* default 1
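With the defaults listed above, SSLv3 and TLSv1 stay enabled and TLSv1_1 and TLSv1_2 stay disabled unless each variable is set explicitly. The following added example (not IBM's code) resolves a set of cell-level variables against those documented defaults and reports the resulting protocol levels; the NAME=VALUE input format, the function names and the deprecation policy (RFC 6176, RFC 7568, RFC 8996) are assumptions of the example.

```python
# Added example; NAME=VALUE input format and the deprecation policy are assumptions.

PREFIX = "DAEMON_com_ibm_DAEMON_protocol_"
# Defaults as documented on this page (1 = enabled, 0 = disabled).
DEFAULTS = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 1, "TLSv1_1": 0, "TLSv1_2": 0}
# Assumed policy: protocols deprecated by RFC 6176, RFC 7568 and RFC 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1_1"}
DISABLE_VAR = "DAEMON_security_disable_daemon_ssl"  # default 0


def parse_variables(text):
    """Parse NAME=VALUE lines; blank lines and '#' comments are ignored."""
    values = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep or value.strip() not in ("0", "1"):
            raise ValueError(f"line {lineno}: expected NAME=0 or NAME=1: {raw!r}")
        values[name.strip()] = int(value.strip())
    return values


def audit(text):
    """Return (effective protocol settings, list of findings)."""
    values = parse_variables(text)
    # Variables that are not set fall back to the documented default.
    effective = {p: values.get(f"{PREFIX}{p}_enabled", d) for p, d in DEFAULTS.items()}
    findings = []
    if values.get(DISABLE_VAR, 0) == 1:
        findings.append("daemon SSL port is turned off")
        return effective, findings
    for proto in sorted(DEPRECATED):
        if effective[proto]:
            findings.append(f"{proto} is enabled")
    if not effective["TLSv1_2"]:
        findings.append("TLSv1_2 is not enabled")
    return effective, findings


# Constructed sample: TLSv1_2 switched on and TLSv1 switched off, SSLv3 left unset.
SAMPLE = """\
# cell-level variables (constructed)
DAEMON_com_ibm_DAEMON_protocol_TLSv1_2_enabled=1
DAEMON_com_ibm_DAEMON_protocol_TLSv1_enabled=0
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The sample still yields an "SSLv3 is enabled" finding, because its default of 1 applies until DAEMON_com_ibm_DAEMON_protocol_SSLv3_enabled is explicitly set to 0.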
- Create a daemon keyring and certificate
- Connect the certificate and certificate authority (CA) certificates to the keyring.
If the daemon process is assigned the same MVS user ID assigned to a secure WebSphere Application Server, the keyring you use to secure WebSphere Application Server can also be used to secure daemon requests. If the daemon process is not assigned the same MVS user ID assigned to a secure WebSphere Application Server, it is recommended that you perform the daemon SSL setup similarly to the setup for your WebSphere Application Server. Modify the customization job commands generated in BBOCBRAK (or HLQ.DATA(BBODBRAK) on WebSphere Application Server, Network Deployment) to perform the steps in Setting up a Keyring for use by WebSphere Application Server for z/OS.