You can configure CICS Transaction Gateway to use the SSL
cryptographic protocol for security and data integrity of communications
over a TCP/IP connection.
SSL key ring configuration
To use SSL for connections between Java client applications
and the Gateway daemon, or to use SSL for IPIC connections to CICS,
you must configure the SSL key ring in the configuration file, ctg.ini.
Using RACF key rings
The key rings that CICS Transaction
Gateway uses when establishing secure SSL connections are stored in RACF®. This provides an alternative
to Java™ keystore (.jks) files
stored in the ZFS (a USS filesystem).
Creating and maintaining hardware key ring files
You can use the hwkeytool command that
is provided as part of the IBM®Java software
development kit in much the same way as the keytool command
to generate key rings and manage certificates. Extra parameters are
available to specify how the key is stored on the cryptographic device,
and how it is to be used. You also have the option of labeling the
key on the cryptographic device.