SAP on IBM Z - Group home

TLS Certificate Authentication for SAP on IBM Z - update available!

By Wera Stoeckel posted Wed May 11, 2022 10:50 AM


An update of the best-practices guide covering TLS with Client-Certificate Authentication is available with multiple simplifications and improvements in our reference: 

  • Updated TLS 1.2 cipher suites recommendations, and prepared z/OS for TLS 1.3, so that it is ready when official TLS 1.3 support in other components becomes available.
  • Reduced the number of required certificates in the Db2 key ring
  • Easier Db2 relocation with multiple LPAR hostnames in the Db2 certificate, even if it was generated in RACF 
  • Simpler z/OS AT-TLS rules make adding definitions for new Db2 subsystems or data sharing groups easier.
  • New sections about Software Update Manager (work in progress) and Db2 Trusted Contexts.
  • Test environment upgrades to IBM z14 and z15 hardware and z/OS versions 2.4 and 2.5 
  • Reworked the certificates management chapter and explanations with a more logical structure 

TLS Certificate Authentication for SAP Application Server Connections to Db2 on IBM Z