SSL for SAS/SHARE under z/OS: Example

Start-up of a Multi-UserSAS/SHARE Server

After certificates for the CA, the server, and the client have been generated, and a CA trust list for the client has been created, you can start a SAS/SHARE server.

Here is an example of starting a secured SAS/SHARE server:

%let tcpsec=_secure_;
options netencryptalgorithm=ssl;
options sslpkcs12loc="/users/johndoe/certificates/server.p12;
options sslpkcs12pass="password";
proc server id=shrserv authenticate=opt; 
run;

The following table lists the SAS option or statement that is used for each task to start a server.

SAS Options, Statements, and Arguments for Server Start-Up Tasks

SAS Options, Statements, and Arguments	Server Start-Up Tasks
TCPSEC= _SECURE_	Secures the server
NETENCRALG=SSL	Specifies SSL as the encryption algorithm
SSLPKCS12LOC=server.p12	Specifies the filepath for the location of the server's private key
SSLPKCS12PASS="password"	Specifies the password to access server's private key
PROC SERVERID=shrserv	Starts the server
AUTHENTICATE=OPT	Allows trusted users to access the server without authentication

SAS/SHARE Client Access of a SAS/SHARE Server

After a SAS/SHARE server has been started, the client can access it.

Here is an example of how to make a client connection to a secured SAS/SHARE server:

options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
%let machine=apex.server.com;
libname a '.' server=machine.shrserv user=_prompt_;

The following table lists the SAS options that are used to access a SAS/SHARE server from a client.

SAS Options and Arguments for Accessing a SAS/SHARE Server from a Client

SAS Options and Arguments	Client Access Tasks
SSLCALISTLOC=cacerts.pem	Specifies the CA trust list
SERVER=machine.shrserv	Specifies the machine and server to connect to
USER=_PROMPT_	Prompts for the user ID and password to be used for authenticating the client to the server

The server-ID and the server's Common Name, which was specified in the server's certificate, must be identical.