TLS for SAS/SHARE on z/OS: Example

Start-up of a Multi-UserSAS/SHARE Server

After certificates for the CA, the server, and the client have been generated, and a CA trust list for the client has been created, you can start a SAS/SHARE server.
Here is an example of starting a secured SAS/SHARE server:
%let tcpsec=_secure_;
options netencryptalgorithm=ssl;
options sslpkcs12loc="/users/johndoe/certificates/server.p12;
options sslpkcs12pass="password";
proc server id=shrserv; 
run;
The following table lists the SAS option or statement that is used for each task to start a server.
SAS Options, Statements, and Arguments for Server Start-Up Tasks
SAS Options, Statements, and Arguments
Server Start-Up Tasks
TCPSEC= _SECURE_
Secures the server
NETENCRALG=SSL
Specifies SSL as the encryption algorithm
SSLPKCS12LOC=server.p12
Specifies the filepath for the location of the server's private key
SSLPKCS12PASS="password"
Specifies the password to access server's private key
PROC SERVERID=shrserv
Starts the server

SAS/SHARE Client Access of a SAS/SHARE Server

After a SAS/SHARE server has been started, the client can access it.
Here is an example of how to make a client connection to a secured SAS/SHARE server:
options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
%let machine=apex.server.com;
libname a '.' server=machine.shrserv user=_prompt_;
The following table lists the SAS options that are used to access a SAS/SHARE server from a client.
SAS Options and Arguments for Accessing a SAS/SHARE Server from a Client
SAS Options and Arguments
Client Access Tasks
SSLCALISTLOC=cacerts.pem
Specifies the CA trust list
SERVER=machine.shrserv
Specifies the machine and server to connect to
USER=_PROMPT_
Prompts for the user ID and password to be used for authenticating the client to the server
The server-ID and the server's Common Name, which was specified in the server's certificate, must be identical.