Using Certificate for User Authentication

Our shop wants to move away from using userid and password for authentication.

  1. Does EntireX support the use of certificate for authentication against RACF?
  2. If you can advise on the how-tos I would greatly appreciate it.

We are using EXX 9.7 and 9.12. Authentication to EntireX in the backend is done via C# and java programs on the frontend. These modules do know the location of the certificate to read from.

Many thanks in advance.

Yes. Use of AT-TLS is strongly recommended to enable mainframe communications to be encrypted - configuration of RACF keyrings, etc is all done within AT-TLS. As of v9.12, the DEFAULTS=SSL options are not supported - you must use AT-TLS.

Client applications (outside the mainframe) will need the truststore containing the CA certificate that issues the mainframe server certificate. That certificate (or the self-signed certificate) will need to be in the Windows certificate manager for C# applications and in a jks truststore for Java programs.

EntireX does not support the use of certificates for authentication against RACF.

Douglas, you talk about SSL but this is not the question here. And the z/OS Broker still supports “DEFAULTS=SSL”, no need to use AT-TLS.