<SASRoot>/SASHome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem
and
is set at SAS installation in the z/OS common options template. Therefore,
you no longer need to specify the -SSLCALISTLIC option.
//SPAWNER EXEC PGM=CNTSPAWN, // PARM='-service 4321 =<//DDN:SYSIN' //STEPLIB DD DISP=SHR,DSN=<customer.high.level.pfx>.LIBRARY //STEPLIB DD DISP=SHR,DSN=<customer.high.level.pfx>.LIBE //SYSPRINT DD SYSOUT=* //SYSTERM DD SYSOUT=* //TKMVSJNL DD SYSOUT=* //SYSOUT DD SYSOUT=* //SYSIN DD * -netencryptalgorithm ssl -sslpkcs12loc /users/server/certificates/server.p12 -sslpkcs12pass starbuck1 -sslcalistloc /users/server/certificates/sas.pem -sascmd /users/server/command.shThe following table explains the SAS commands that are used to start a spawner on a SAS/CONNECT server.
SAS Commands and Arguments
|
Function
|
---|---|
CNTSPAWN
|
Starts the spawner
|
-SERVICE 4321
|
Specifies the spawner
service that is listening on port 4321
|
- NETENCRYPTALGORITHM SSL
|
Specifies the SSL encryption algorithm
|
-SSLPKCS12LOC /users/server/certificates/serverkey.p12
|
|
-SSLPKCS12PASS password
|
Specifies the password to access the server's private key in the PKCS #12 package
|
-SSLCALISTLOC /users/server/certificates/sas.pem
|
Specifies the CA trust list.
Note: Starting in the third maintenance
release of SAS 9.4, if you are using the SDM to manage your certificates,
you no longer need to specify this command.
|
-SASCMD /users/server/command.sh
|
Specifies the name of
an executable file that starts a SAS session when you sign on without
a script file
|
command.sh
:
#!/bin/sh args=$* if [ -n "$NETENCRALG" ] ; then args="$args -netencralg $NETENCRALG" fi if [ -n "$SASDAEMONPORT" ] ; then args="$args -sasdaemonport $SASDAEMONPORT" fi if [ -n "$SASCLIENTPORT" ] ; then args="$args -sasclientport $SASCLIENTPORT" fi export TSOOUT= export SYSPROC=SAS.CLIST /bin/tso -t %sas -dmr -noterminal -sslpkcs12loc /users/server/certificates/serverkey.p12 -sslpkcs12pass password $args
options command-tcp netencryptalgorithm=ssl; options sslcalistloc="/users/johndoe/certificates/sas.pem"; %let machine=apex.server.com; signon machine.4321 user=_prompt_;The following table explains the SAS options that are used to connect to a SAS/CONNECT server.
SAS Options and Arguments
|
Client Access Tasks
|
---|---|
COMAMID=TCP
|
Specifies the TCP/IP
access method
|
NETENCRYPTALGORITHM=SSL
|
Specifies the encryption algorithm
|
SSLCALISTLOC=sas.pem
|
Specifies the CA trust list
|
SIGNON=server-ID.service
|
Specifies the server
and service to connect to
|
USER=_PROMPT_
|
Prompts for the user
ID and password to be used for authenticating the client to the server
|