Hello everyone,
Our interface team transfers daily settlement files from z/OS to an external partner using batch SFTP. The partner will rotate their server certificate next month. Current JCL invokes:
jcl
//SFTP EXEC PGM=BPXBATCH,
// PARM='SH /usr/lpp/ssh/bin/sftp -oBatchMode=yes \
// -b //DD:CMDS partner.example.com'
//CMDS DD *
put '//DD:INPUT' /inbound/settlement.dat
quit
The partner documentation states:
Could you describe how your organizations manage trust store updates on z/OS for unattended batch SFTP? Specifically, do you stage the new key in RACF key rings ahead of the cutover and validate with a test file?Clients must trust the new intermediate CA before the cutover window. Connections using the previous trust anchor will fail with certificate validation errors.
Thank you,
Susan