Configuring TLS on the Mainframe Connector
Secured communication to the Mainframe Connector must be implemented using an AT-TLS policy. An AT-TLS policy states that communication must be implemented on a port defined to Mainframe as non-secured. The TLS processing is done by TCPIP and is transparent to the Mainframe Connector. For more information, refer to Implementing AT-TLS Policy for Mainframe Connector Communication.
The secured communication is implemented using server authentication.
Common implementation procedure to set up TLS for the Mainframe Connector
- A valid server certificate with its associated server private key must be defined. This certificate must be signed by a trusted Certificate Authority (CA).
- The server certificate and the CA certificate must be connected to a key ring.
- The server certificate signed by the CA must be transferred (using FTP in ASCII mode) to the client and installed there, to be used for certificate verification by the TLS handshake process.
Note
For testing purposes, a local CA can be defined for signing the server certificate.
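The following check is an added example, not part of the original documentation. It assumes the certificate was exported as Base64 (PEM) text, which is EBCDIC on the mainframe side, and shows how a client can detect a file that arrived through a binary-mode transfer or was damaged in transit before installing it. The function names and the sample certificate body are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s*-----END CERTIFICATE-----", re.S)

def make_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used here to build constructed samples)."""
    body = base64.encodebytes(der).decode("ascii")
    return ("-----BEGIN CERTIFICATE-----\n" + body +
            "-----END CERTIFICATE-----\n").encode("ascii")

def check_transferred_cert(raw: bytes) -> str:
    """Classify a certificate file received from the mainframe."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        # EBCDIC letters and digits are all >= 0x80, so an EBCDIC text
        # file sent in binary mode never decodes as ASCII.
        if "-----BEGIN CERTIFICATE-----" in raw.decode("cp037"):
            return "ebcdic-binary-transfer"
        return "not-pem"
    match = PEM_RE.search(text)
    if not match:
        return "not-pem"
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        return "corrupt-base64"
    # An X.509 certificate is a DER SEQUENCE (tag 0x30). Assumption: the
    # certificate is 256..65535 bytes, so the length uses the 0x82 form
    # and the next two bytes hold the content length.
    if len(der) < 4 or der[0] != 0x30 or der[1] != 0x82:
        return "not-a-certificate"
    if int.from_bytes(der[2:4], "big") != len(der) - 4:
        return "truncated"
    return "ok"

# Constructed sample: a DER header declaring 48 content bytes plus filler.
# It is not a real certificate; it only exercises the structural checks.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x30]) + bytes(range(48))

if __name__ == "__main__":
    good = make_pem(SAMPLE_DER)
    print(check_transferred_cert(good))
    print(check_transferred_cert(good.decode("ascii").encode("cp037")))
```

A file that passes this check is only structurally intact; trust in the certificate still comes from validating it against the CA certificate during the TLS handshake.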