Certificates play an important part of ensuring that client server communication to and from z/OS takes place in a way that ensures secure data transport with both parties knowing that the other one is who they claim to be. It's not just about public private keys however, there are certificate authorities, trust roots, subject alternate names, extended key usage attributes, keyrings, keystores, enterprise security managers, x509 and .SSHID authentication, and more.
This talk will cover scenarios that matter to z/OS sites, such as using certs to replace userID/password login. Creating server side certificates from bottom up and having clients trust them, as well as taking externally issued certificates top down and gaining z/OS environment’s trust. In my experience with z/OS customers big and small, whether working with new to Z or experienced sysprogs, many folks get stuck with difficult to diagnose and fix issues where the resolution is around how TLS and SSH handshaking occurs when certificates are in play. This talk is designed to cover the most common ones as well as provide background to help folks understand the moving parts and hopefully avoid getting any in their own environments !