Enable SAF Keyring

This option configures the application to use a SAF-managed keyring for secure communication with z/OS mainframe host connections.

The option is available only on z/OS systems, and only when the protocol in the Connection panel is set to Telnet - TLS. It is then enabled under TLS/SSL.

When these conditions are met, users can configure and enable the SAF Keyring option.

When a Keyring Name and Owner ID are provided, the application uses these values to locate and access the specified SAF keyring within the z/OS environment. This allows the application to securely retrieve the required certificates and establish an encrypted SSL/TLS connection with the mainframe host.

  • Keyring Name

    A unique identifier assigned to the SAF keyring. In RACF, this name is specified using the RACDCERT ADDRING() command when the keyring is created.

  • Owner ID

    The RACF user ID that owns the SAF keyring and has the required administrative and access permissions. The application combines the Owner ID and Keyring Name to identify the correct keyring and verify authorization to access the associated certificates.
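As an added example (not taken from the product or its documentation), the REXX exec below shows how the two fields map onto RACF: it creates a ring, connects a CA certificate to it, lists the result, and grants list access. The user IDs, ring name and certificate label are constructed values, and it assumes the CA certificate is already in RACF as CERTAUTH and that the IRR.DIGTCERT.LISTRING profile is defined in the FACILITY class.

```rexx
/* REXX - added example, not product code. All values are constructed. */
owner   = 'TLSCLNT'          /* goes in the Owner ID field             */
ring    = 'HostTLSRing'      /* goes in the Keyring Name field         */
calabel = 'Sample Host CA'   /* assumed: CA cert already in RACF       */
runas   = 'TLSCLNT'          /* user ID the application's JVM runs as  */

/* Create the ring under the owning user ID. */
call run "RACDCERT ID("owner") ADDRING("ring")"

/* Connect the CA that signed the host certificate as a trusted CA. */
call run "RACDCERT ID("owner") CONNECT(CERTAUTH LABEL('"calabel"')" ,
         "RING("ring") USAGE(CERTAUTH))"

/* Check: the listing should show the CA label with USAGE CERTAUTH. */
call run "RACDCERT ID("owner") LISTRING("ring")"

/* READ lets a user list a ring it owns. If runas differs from owner, */
/* reading another user's ring needs UPDATE instead.                  */
call run "PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY)" ,
         "ID("runas") ACCESS(READ)"

/* Refresh in-storage profiles (assumes FACILITY is RACLISTed). */
call run "SETROPTS RACLIST(FACILITY) REFRESH"
exit 0

/* Issue one TSO command and stop at the first failure. */
run: procedure
  parse arg cmd
  say '>>' cmd
  address TSO cmd
  if rc <> 0 then do
    say 'Command failed, rc='rc
    exit 8
  end
  return
```

Keeping only CA certificates on the ring, and granting no more than list access, limits what the application's user ID can retrieve from RACF.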

On z/OS, initializing a SAF keyring activates a JVM-wide static cache that overrides the default trust store. This configuration remains in effect for the lifetime of the JVM. To switch back to file-based trust stores, restart the JVM.