We are starting to use digital certificates and I have a few questions concerning the upload of the certificates from the PC to the mainframe.
We use FTP line commands to FTP the Digicerts from the PC to the mainframe.
1. How is it that the binary digicerts must use an of LREC=256? however the digicerts with BER-encoded, PKCS-7 BER-encoded and PEM encoded use an of LREC=84?
The documentation for Top Secret only specifies the following information for the DCDSN that the Digicerts will be FTP into:
physical sequential data set (DSORG=PS), variable blocked data set (RECFM=VB) and fully qualified name without enclosed quotes (LREC=84) BER-encoded, PKCS-7 BER-encoded, or PEM encoded. PEM certificates must be transported to MVS as TEXT and other forms transported as binary.
2. Are there any resources out there that would explain the differences between the digicerts; such as private; public key pairs and root CA that needs to be added to the CERTAUTH in Top Secret?
Just asking. In the process of configuring SSL/TLS for a new application to ensure the Mainframe is properly secured.
Thanks.