Hi Andrew,
The SSL Key is a key ring name defined in your security product. The key ring contains certificates that will help to validate the identity of machines that DFSMS will be communicating with over IP. For TCT using TS7700 advanced object store, the certificates we are talking about are those of the DS8000 HMCs. To be more specific, we want to add the root/intermediate certificate that signed the DS8000 HMC certificate. Your DS8000 HMC certificates may either be signed by the 'internal root certificate authority' of the HMC itself or by an actual certificate authority.
Chapter 7 in this redbook discusses the certificates in more detail. https://www.redbooks.ibm.com/redbooks/pdfs/sg248381.pdf
The Key/Secret key in the GDKAUTHP panel will map to a DS8000 HMC userID and password that you define. This can be either a local account or an LDAP one and does not need anything more than the monitor role.
https://www.ibm.com/docs/en/zos/3.1.0?topic=services-cloud-data-access-cloud-credential-storage
We recently added support that moves the configuration away from the SMS network connection and into the z/OS filesystem under the HSM userID's home directory. Now both the credentials and the configuration are stored under CDA. Here is a link with some recently updated documentation:
https://public.dhe.ibm.com/eserver/zseries/zos/DFSMS/HSM/OA66198/OA66198_doc_updates.pdf