BSA CI requires an OMVS segment. You can use a separate OMVS segment, or you can use the default OMVS segment.
The following prerequisites are only of interest if you want to use runtime mode SSL.
SSL provides data privacy and integrity as well as client and server authentication based on public-key certificates. For each SSL connection, SSL uses a public and a private key.
There is a PKI mechanism for authenticating each side of the connection and for agreeing on encryption keys. These keys are generated and stored in key databases, known as key rings.
X.509 certificates, containing public keys, are also required. The X.509 certificates can be created or requested and obtained. In either case, a certificate is then subsequently linked to or associated with and becomes part of a key ring.
If you plan to implement SSL client certificate support, you must also have CA certificates from each certifying authority that verifies your client certificates. The certificate authority (CA) belongs to a started task, i.e. the STC is the owner of a CA. Several CAs can be used within BSA CI at the same time. A CA is the issuer of certificates and keys. RACF and ACF/2 can also be used as a CA and issue certificates. For each CA, a member for the key ring and one for the port definition must be available.
You must create a CA, make it HIGHTRUST, and add a key ring belonging to BSA CI to the CA. Next, create a certificate for BSA CI and connect it to the key ring.
For detailed instructions on the SSL options mentioned in the following procedure, see "Defining SSL authentication security".
Do the following to install BSA CI (You can ignore steps 1 and 3 if you are using NOSSL):
Note: Create a member for each key ring in use.
Note: The user ID of the STC requires an OMVS segment (separate OMVS segment or default OMVS segment). READ access to the facility class BPX.DEFAULT.USER is required.
To set up RACF so that it automatically uses default OMVS segments for users and groups that do not have their own OMVS segments in their USER or GROUP profiles, proceed as follows: